Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-21640 (GCVE-0-2025-21640)
Vulnerability from cvelistv5
Published
2025-01-19 10:17
Modified
2025-05-04 07:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net'
structure via 'current' is not recommended for different reasons:
- Inconsistency: getting info from the reader's/writer's netns vs only
from the opener's netns.
- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
(null-ptr-deref), e.g. when the current task is exiting, as spotted by
syzbot [1] using acct(2).
The 'net' structure can be obtained from the table->data using
container_of().
Note that table->data could also be used directly, as this is the only
member needed from the 'net' structure, but that would increase the size
of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is
used.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b Version: 3c68198e75111a905ac2412be12bf7b29099729b |
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sctp/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5599b212d2f4466e1832a94e9932684aaa364587",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "03ca51faba2b017bf6c90e139434c4117d0afcdc",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "86ddf8118123cb58a0fb8724cad6979c4069065b",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "3cd0659deb9c03535fd61839e91d4d4d3e51ac71",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "ad673e514b2793b8d5902f6ba6ab7e890dea23d5",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "f0bb3935470684306e4e04793a20ac4c4b08de0b",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
},
{
"lessThan": "ea62dd1383913b5999f3d16ae99d411f41b528d4",
"status": "affected",
"version": "3c68198e75111a905ac2412be12bf7b29099729b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sctp/sysctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.292",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.234",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.72",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.292",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.234",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.177",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:18:02.677Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587"
},
{
"url": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc"
},
{
"url": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b"
},
{
"url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
},
{
"url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
},
{
"url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
},
{
"url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
}
],
"title": "sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-21640",
"datePublished": "2025-01-19T10:17:57.593Z",
"dateReserved": "2024-12-29T08:45:45.727Z",
"dateUpdated": "2025-05-04T07:18:02.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-21640\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-19T11:15:09.537\",\"lastModified\":\"2025-04-10T13:15:46.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\\n\\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\\nstructure via \u0027current\u0027 is not recommended for different reasons:\\n\\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\\n from the opener\u0027s netns.\\n\\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\\n syzbot [1] using acct(2).\\n\\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\\ncontainer_of().\\n\\nNote that table-\u003edata could also be used directly, as this is the only\\nmember needed from the \u0027net\u0027 structure, but that would increase the size\\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\\nused.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: sysctl: cookie_hmac_alg: evitar usar current-\u0026gt;nsproxy Como se mencion\u00f3 en un commit anterior de esta serie, no se recomienda usar la estructura \u0027net\u0027 a trav\u00e9s de \u0027current\u0027 por diferentes razones: - Inconsistencia: obtener informaci\u00f3n de los netns del lector/escritor vs solo de los netns del abridor. - current-\u0026gt;nsproxy puede ser NULL en algunos casos, lo que resulta en un \u0027Oops\u0027 (null-ptr-deref), por ejemplo cuando la tarea actual est\u00e1 saliendo, como lo detect\u00f3 syzbot [1] usando acct(2). La estructura \u0027net\u0027 se puede obtener de table-\u0026gt;data usando Container_of(). Tenga en cuenta que table-\u0026gt;data tambi\u00e9n se puede usar directamente, ya que este es el \u00fanico miembro necesario de la estructura \u0027net\u0027, pero eso aumentar\u00eda el tama\u00f1o de esta correcci\u00f3n, para usar \u0027*data\u0027 en todos los lugares donde se use \u0027net-\u0026gt;sctp.sctp_hmac_alg\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"6.1.125\",\"matchCriteriaId\":\"102E9A75-004D-4E72-9120-25A5A9AA7185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.72\",\"matchCriteriaId\":\"33E12097-C88A-45B4-9677-2A961A08DD3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.10\",\"matchCriteriaId\":\"02D604F6-10D1-4F7B-A022-0888406A1121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE491969-75AE-4A6B-9A58-8FC5AF98798F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"93C0660D-7FB8-4FBA-892A-B064BA71E49E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"034C36A6-C481-41F3-AE9A-D116E5BE6895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
suse-su-2025:0955-1
Vulnerability from csaf_suse
Published
2025-03-19 16:11
Modified
2025-03-19 16:11
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- add nf_tables for iptables non-legacy network handling
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- Fix conditional for selecting gcc-13
- Fix conditional for selecting gcc-13.
- Fix memory-hotplug regression (bsc#1237504)
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- Grab mm lock before grabbing pt lock (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hid: hid-steam: Add Deck IMU support (stable-fixes).
- hid: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- hid: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- hid: hid-steam: Clean up locking (stable-fixes).
- hid: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- hid: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- hid: hid-steam: Fix cleanup in probe() (git-fixes).
- hid: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- hid: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- hid: hid-steam: remove pointless error message (stable-fixes).
- hid: hid-steam: Update list of identifiers from SDL (stable-fixes).
- hid: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- hid: multitouch: Add NULL check in mt_input_configured (git-fixes).
- hid: Wacom: Add PCI Wacom device support (stable-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- Input: allocate keycode for phone linking (stable-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kvm: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- kvm: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- kvm: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- kvm: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- kvm: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- kvm: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- kvm: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- kvm: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- kvm: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- kvm: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- kvm: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- kvm: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- kvm: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- kvm: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- kvm: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- kvm: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- kvm: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- kvm: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- kvm: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md: convert comma to semicolon (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- Move upstreamed ACPI patch into sorted section
- mptcp: export local_address (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- packaging: Turn gcc version into config.sh variable.
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- Pickup RXE code change introduced by upstream merge
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- regmap-irq: Add missing kfree() (git-fixes).
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- usb: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: serial: option: add MeiG Smart SLM828 (stable-fixes).
- usb: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- usb: serial: option: drop MeiG Smart defines (stable-fixes).
- usb: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-2025-955,SUSE-SLE-Module-Live-Patching-15-SP6-2025-955,SUSE-SLE-Module-RT-15-SP6-2025-955,openSUSE-SLE-15.6-2025-955
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- add nf_tables for iptables non-legacy network handling \n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- Fix conditional for selecting gcc-13 \n- Fix conditional for selecting gcc-13.\n- Fix memory-hotplug regression (bsc#1237504) \n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hid: hid-steam: Add Deck IMU support (stable-fixes).\n- hid: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- hid: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- hid: hid-steam: Clean up locking (stable-fixes).\n- hid: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- hid: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- hid: hid-steam: Fix cleanup in probe() (git-fixes).\n- hid: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- hid: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- hid: hid-steam: remove pointless error message (stable-fixes).\n- hid: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- hid: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- hid: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- hid: Wacom: Add PCI Wacom device support (stable-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- Input: allocate keycode for phone linking (stable-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kvm: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- kvm: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- kvm: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- kvm: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- kvm: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- kvm: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- kvm: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- kvm: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- kvm: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- kvm: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- kvm: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- kvm: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- kvm: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- kvm: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- kvm: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- kvm: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- kvm: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- kvm: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- kvm: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- Move upstreamed ACPI patch into sorted section\n- mptcp: export local_address (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- packaging: Turn gcc version into config.sh variable. \n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- Pickup RXE code change introduced by upstream merge\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- regmap-irq: Add missing kfree() (git-fixes).\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- usb: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- usb: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- usb: serial: option: drop MeiG Smart defines (stable-fixes).\n- usb: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-955,SUSE-SLE-Module-Live-Patching-15-SP6-2025-955,SUSE-SLE-Module-RT-15-SP6-2025-955,openSUSE-SLE-15.6-2025-955",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0955-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0955-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250955-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0955-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-19T16:11:24Z",
"generator": {
"date": "2025-03-19T16:11:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0955-1",
"initial_release_date": "2025-03-19T16:11:24Z",
"revision_history": [
{
"date": "2025-03-19T16:11:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150600.10.29.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP6",
"product": {
"name": "SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of SUSE Real Time Module 15 SP6",
"product_id": "SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150600.10.29.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
},
"product_reference": "reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_29-rt-1-150600.1.3.2.x86_64",
"SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.29.1.noarch",
"openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.29.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.29.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T16:11:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:0784-1
Vulnerability from csaf_suse
Published
2025-03-05 13:04
Modified
2025-03-05 13:04
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fastopen and PM-trigger subflow shutdown can race (bsc#1222672).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50185: mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
The following non-security bugs were fixed:
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (jsc#PED-348).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Process atomically-zapped SPTEs after TLB flush (jsc#PED-6143).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- Pickup RXE code change introduced by upstream.
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kvm: svm: Fix gctx page leak on invalid inputs (jsc#PED-348).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (bsc#1235933 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- x86/xen: Grab mm lock before grabbing pt lock (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
Patchnames
SUSE-2025-784,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-784
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fastopen and PM-trigger subflow shutdown can race (bsc#1222672).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50185: mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n\nThe following non-security bugs were fixed:\n\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (jsc#PED-348).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Process atomically-zapped SPTEs after TLB flush (jsc#PED-6143).\n- KVM: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- Pickup RXE code change introduced by upstream.\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- hfs: Sanity check the root record (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kvm: svm: Fix gctx page leak on invalid inputs (jsc#PED-348).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (bsc#1235933 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- x86/xen: Grab mm lock before grabbing pt lock (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-784,SUSE-SLE-Module-Confidential-Computing-15-SP6-2025-784",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0784-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0784-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250784-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0784-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020484.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235032",
"url": "https://bugzilla.suse.com/1235032"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56568 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-05T13:04:51Z",
"generator": {
"date": "2025-03-05T13:04:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0784-1",
"initial_release_date": "2025-03-05T13:04:51Z",
"revision_history": [
{
"date": "2025-03-05T13:04:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"product": {
"name": "kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"product_id": "kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"product": {
"name": "kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"product_id": "kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "cluster-md-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "cluster-md-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "dlm-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "dlm-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "gfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "gfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-extra-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-extra-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-extra-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-livepatch-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-livepatch-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-livepatch-devel-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-optional-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-optional-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-optional-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco-vdso-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco-vdso-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco-vdso-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-coco_debug-vdso-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-coco_debug-vdso-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-coco_debug-vdso-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "kselftests-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "kselftests-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "ocfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "ocfs2-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product": {
"name": "reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"product_id": "reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-confidential-computing:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch"
},
"product_reference": "kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch"
},
"product_reference": "kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64 as component of SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
},
"product_reference": "reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56568",
"url": "https://www.suse.com/security/cve/CVE-2024-56568"
},
{
"category": "external",
"summary": "SUSE Bug 1235032 for CVE-2024-56568",
"url": "https://bugzilla.suse.com/1235032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-coco_debug-devel-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-devel-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-source-coco-6.4.0-15061.18.coco15sp6.1.noarch",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:kernel-syms-coco-6.4.0-15061.18.coco15sp6.1.x86_64",
"SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6:reiserfs-kmp-coco-6.4.0-15061.18.coco15sp6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-05T13:04:51Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
}
]
}
suse-su-2025:0847-1
Vulnerability from csaf_suse
Published
2025-03-12 13:00
Modified
2025-03-12 13:00
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Fix memory-hotplug regression (bsc#1237504).
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
Patchnames
SUSE-2025-847,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-847,openSUSE-SLE-15.6-2025-847
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Fix memory-hotplug regression (bsc#1237504).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: allocate keycode for phone linking (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- Update \u0027drm/mgag200: Added support for the new device G200eH5\u0027 (jsc#PED-12094).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-847,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-847,openSUSE-SLE-15.6-2025-847",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0847-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0847-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250847-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0847-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235032",
"url": "https://bugzilla.suse.com/1235032"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56568 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-12T13:00:02Z",
"generator": {
"date": "2025-03-12T13:00:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0847-1",
"initial_release_date": "2025-03-12T13:00:02Z",
"revision_history": [
{
"date": "2025-03-12T13:00:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150600.8.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56568",
"url": "https://www.suse.com/security/cve/CVE-2024-56568"
},
{
"category": "external",
"summary": "SUSE Bug 1235032 for CVE-2024-56568",
"url": "https://bugzilla.suse.com/1235032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.31.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.31.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T13:00:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:20260-1
Vulnerability from csaf_suse
Published
2025-04-17 10:48
Modified
2025-04-17 10:48
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896
bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-8
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896\n bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20260-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20260-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520260-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20260-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T10:48:21Z",
"generator": {
"date": "2025-04-17T10:48:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20260-1",
"initial_release_date": "2025-04-17T10:48:21Z",
"revision_history": [
{
"date": "2025-04-17T10:48:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
}
]
}
suse-su-2025:0834-1
Vulnerability from csaf_suse
Published
2025-03-11 10:55
Modified
2025-03-11 10:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM (bsc#1186482).
- CVE-2021-47634: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (bsc#1237758).
- CVE-2021-47644: media: staging: media: zoran: move videodev alloc (bsc#1237766).
- CVE-2022-48953: rtc: cmos: fix build on non-ACPI platforms (bsc#1231941).
- CVE-2022-48975: gpiolib: fix memory leak in gpiochip_setup_dev() (bsc#1231885).
- CVE-2022-49006: tracing: Free buffers when a used dynamic event is removed (bsc#1232163).
- CVE-2022-49076: RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1237738).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2022-49089: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (bsc#1238041).
- CVE-2022-49124: x86/mce: Work around an erratum on fast string copy instructions (bsc#1238148).
- CVE-2022-49134: mlxsw: spectrum: Guard against invalid local ports (bsc#1237982).
- CVE-2022-49135: drm/amd/display: Fix memory leak (bsc#1238006).
- CVE-2022-49151: can: mcba_usb: properly check endpoint type (bsc#1237778).
- CVE-2022-49178: memstick/mspro_block: fix handling of read-only devices (bsc#1238107).
- CVE-2022-49182: net: hns3: add vlan list lock to protect vlan list (bsc#1238260).
- CVE-2022-49201: ibmvnic: fix race between xmit and reset (bsc#1238256).
- CVE-2022-49247: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (bsc#1237783).
- CVE-2022-49490: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is (bsc#1238275).
- CVE-2022-49626: sfc: fix use after free when disabling sriov (bsc#1238270).
- CVE-2022-49661: can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1237788).
- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
- CVE-2023-52853: hid: cp2112: Fix duplicate workqueue initialization (bsc#1224988).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095).
- CVE-2024-49963: mailbox: bcm2835: Fix timeout during suspend mode (bsc#1232147).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50067: uprobe: avoid out-of-bounds memory access of fetching args (bsc#1232416).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53217: nfsd: restore callback functionality for NFSv4.0 (bsc#1234999).
- CVE-2024-56633: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56688: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (bsc#1235538).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21689: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (bsc#1237017).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
The following non-security bugs were fixed:
- bpf: fix mixed signed/unsigned derived min/max value bounds (bsc#1050081).
- btrfs: add a flag to iterate_inodes_from_logical to find all
- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
- cifs: Fix use after free of a mid_q_entry (bsc#1112903).
- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).
- cifs: fix memory leak in SMB2_open() (bsc#1112894).
- crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510).
- drm/amd/powerplay: Fix missing break in switch (bsc#1120902)
- drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510).
- drm/i915: Restore planes after load detection (bsc#1051510).
- drm/i915: always return something on DDI clock selection (bsc#1120902)
- drm/msm/mdp5: Fix global state lock backoff (bsc#1238275)
- fix SCTP regression (bsc#1158082)
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358).
- iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510).
- kABI: Add clear_trace to trace_array (bsc#1232163).
- kABI: Preserve TRACE_EVENT_FL values (bsc#1232163).
- mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669).
- mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- powerpc/64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- powerpc/papr_scm: Fix DIMM device registration race (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Fix DIMM device registration race (bsc#1113295, git-fixes).
- powerpc/papr_scm: Fix resource end address (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Fix resource end address (bsc#1113295, git-fixes).
- powerpc/papr_scm: Remove endian conversions (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Remove endian conversions (bsc#1113295, git-fixes).
- powerpc/papr_scm: Update DT properties (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Update DT properties (bsc#1113295, git-fixes).
- powerpc/papr_scm: Use depend instead of select (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Use depend instead of select (bsc#1113295, git-fixes).
- powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (FATE#326628, bsc#1113295, git-fixes).
- powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (bsc#1113295, git-fixes).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- rpm/kernel-source.spec.in: Add subpackage-names.conf as source.
- s390/cpum_cf: rename IBM z13/z14 counter names (FATE#326341, LTC#169491, bsc#1100823).
- s390/cpum_cf: rename IBM z13/z14 counter names (LTC#169491, bsc#1100823).
- s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).
- sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669).
- sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669).
- sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669).
- sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669).
- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).
- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).
- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).
- scsi: storvsc: Add validation for untrusted Hyper-V values (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix spelling mistake (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- smb2: fix missing files in root share directory listing (bsc#1112907).
- smb3: fill in statfs fsid and correct namelen (bsc#1112905).
- smb3: fix reset of bytes read and written stats (bsc#1112906).
- smb3: on reconnect set PreviousSessionId field (bsc#1112899).
- tracing: Only have rmmod clear buffers that its events were active in (bsc#1232163).
- ubi: fastmap: Cancel work upon detach (bsc#1051510).
Patchnames
SUSE-2025-834,SUSE-SLE-HA-12-SP5-2025-834,SUSE-SLE-Live-Patching-12-SP5-2025-834,SUSE-SLE-SERVER-12-SP5-LTSS-2025-834,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-834
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM (bsc#1186482).\n- CVE-2021-47634: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (bsc#1237758).\n- CVE-2021-47644: media: staging: media: zoran: move videodev alloc (bsc#1237766).\n- CVE-2022-48953: rtc: cmos: fix build on non-ACPI platforms (bsc#1231941).\n- CVE-2022-48975: gpiolib: fix memory leak in gpiochip_setup_dev() (bsc#1231885).\n- CVE-2022-49006: tracing: Free buffers when a used dynamic event is removed (bsc#1232163).\n- CVE-2022-49076: RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1237738).\n- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).\n- CVE-2022-49089: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (bsc#1238041).\n- CVE-2022-49124: x86/mce: Work around an erratum on fast string copy instructions (bsc#1238148).\n- CVE-2022-49134: mlxsw: spectrum: Guard against invalid local ports (bsc#1237982).\n- CVE-2022-49135: drm/amd/display: Fix memory leak (bsc#1238006).\n- CVE-2022-49151: can: mcba_usb: properly check endpoint type (bsc#1237778).\n- CVE-2022-49178: memstick/mspro_block: fix handling of read-only devices (bsc#1238107).\n- CVE-2022-49182: net: hns3: add vlan list lock to protect vlan list (bsc#1238260).\n- CVE-2022-49201: ibmvnic: fix race between xmit and reset (bsc#1238256).\n- CVE-2022-49247: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (bsc#1237783).\n- CVE-2022-49490: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is (bsc#1238275).\n- CVE-2022-49626: sfc: fix use after free when disabling sriov (bsc#1238270).\n- CVE-2022-49661: can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1237788).\n- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).\n- CVE-2023-52853: hid: cp2112: Fix duplicate workqueue initialization (bsc#1224988).\n- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).\n- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).\n- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).\n- CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095).\n- CVE-2024-49963: mailbox: bcm2835: Fix timeout during suspend mode (bsc#1232147).\n- CVE-2024-49975: uprobes: fix kernel info leak via \u0027[uprobes]\u0027 vma (bsc#1232104).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50067: uprobe: avoid out-of-bounds memory access of fetching args (bsc#1232416).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53217: nfsd: restore callback functionality for NFSv4.0 (bsc#1234999).\n- CVE-2024-56633: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56688: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (bsc#1235538).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21689: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (bsc#1237017).\n- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n\nThe following non-security bugs were fixed:\n\n- bpf: fix mixed signed/unsigned derived min/max value bounds (bsc#1050081).\n- btrfs: add a flag to iterate_inodes_from_logical to find all\n- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).\n- cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n- cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902).\n- cifs: fix memory leak in SMB2_open() (bsc#1112894).\n- crypto: caam/qi - fix IV DMA mapping and updating (bsc#1051510).\n- drm/amd/powerplay: Fix missing break in switch (bsc#1120902)\n- drm/i915: Remove stale asserts from i915_gem_find_active_request() (bsc#1051510).\n- drm/i915: Restore planes after load detection (bsc#1051510).\n- drm/i915: always return something on DDI clock selection (bsc#1120902)\n- drm/msm/mdp5: Fix global state lock backoff (bsc#1238275)\n- fix SCTP regression (bsc#1158082)\n- fixup \u0027rpm: support gz and zst compression methods\u0027 once more (bsc#1190428, bsc#1190358).\n- iio: trigger: stm32-timer: fix get/set down count direction (bsc#1051510).\n- kABI: Add clear_trace to trace_array (bsc#1232163).\n- kABI: Preserve TRACE_EVENT_FL values (bsc#1232163).\n- mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669).\n- mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- powerpc/64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).\n- powerpc/papr_scm: Fix DIMM device registration race (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Fix DIMM device registration race (bsc#1113295, git-fixes).\n- powerpc/papr_scm: Fix resource end address (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Fix resource end address (bsc#1113295, git-fixes).\n- powerpc/papr_scm: Remove endian conversions (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Remove endian conversions (bsc#1113295, git-fixes).\n- powerpc/papr_scm: Update DT properties (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Update DT properties (bsc#1113295, git-fixes).\n- powerpc/papr_scm: Use depend instead of select (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Use depend instead of select (bsc#1113295, git-fixes).\n- powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (FATE#326628, bsc#1113295, git-fixes).\n- powerpc/papr_scm: Use ibm,unit-guid as the iset cookie (bsc#1113295, git-fixes).\n- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).\n- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).\n- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression\n- rpm/kernel-source.spec.in: Add subpackage-names.conf as source.\n- s390/cpum_cf: rename IBM z13/z14 counter names (FATE#326341, LTC#169491, bsc#1100823).\n- s390/cpum_cf: rename IBM z13/z14 counter names (LTC#169491, bsc#1100823).\n- s390/dasd: fix hanging offline processing due to canceled worker (bsc#1175165).\n- sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669).\n- sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669).\n- sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669).\n- sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669).\n- scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246).\n- scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731).\n- scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731).\n- scsi: storvsc: Add validation for untrusted Hyper-V values (git-fixes).\n- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).\n- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).\n- scsi: storvsc: Fix spelling mistake (git-fixes).\n- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).\n- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).\n- scsi: storvsc: Miscellaneous code cleanups (git-fixes).\n- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).\n- scsi: storvsc: Update error logging (git-fixes).\n- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).\n- smb2: fix missing files in root share directory listing (bsc#1112907).\n- smb3: fill in statfs fsid and correct namelen (bsc#1112905).\n- smb3: fix reset of bytes read and written stats (bsc#1112906).\n- smb3: on reconnect set PreviousSessionId field (bsc#1112899).\n- tracing: Only have rmmod clear buffers that its events were active in (bsc#1232163).\n- ubi: fastmap: Cancel work upon detach (bsc#1051510).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-834,SUSE-SLE-HA-12-SP5-2025-834,SUSE-SLE-Live-Patching-12-SP5-2025-834,SUSE-SLE-SERVER-12-SP5-LTSS-2025-834,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-834",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0834-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0834-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250834-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0834-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020497.html"
},
{
"category": "self",
"summary": "SUSE Bug 1050081",
"url": "https://bugzilla.suse.com/1050081"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1100823",
"url": "https://bugzilla.suse.com/1100823"
},
{
"category": "self",
"summary": "SUSE Bug 1101669",
"url": "https://bugzilla.suse.com/1101669"
},
{
"category": "self",
"summary": "SUSE Bug 1104731",
"url": "https://bugzilla.suse.com/1104731"
},
{
"category": "self",
"summary": "SUSE Bug 1112246",
"url": "https://bugzilla.suse.com/1112246"
},
{
"category": "self",
"summary": "SUSE Bug 1112894",
"url": "https://bugzilla.suse.com/1112894"
},
{
"category": "self",
"summary": "SUSE Bug 1112899",
"url": "https://bugzilla.suse.com/1112899"
},
{
"category": "self",
"summary": "SUSE Bug 1112902",
"url": "https://bugzilla.suse.com/1112902"
},
{
"category": "self",
"summary": "SUSE Bug 1112903",
"url": "https://bugzilla.suse.com/1112903"
},
{
"category": "self",
"summary": "SUSE Bug 1112905",
"url": "https://bugzilla.suse.com/1112905"
},
{
"category": "self",
"summary": "SUSE Bug 1112906",
"url": "https://bugzilla.suse.com/1112906"
},
{
"category": "self",
"summary": "SUSE Bug 1112907",
"url": "https://bugzilla.suse.com/1112907"
},
{
"category": "self",
"summary": "SUSE Bug 1113295",
"url": "https://bugzilla.suse.com/1113295"
},
{
"category": "self",
"summary": "SUSE Bug 1120902",
"url": "https://bugzilla.suse.com/1120902"
},
{
"category": "self",
"summary": "SUSE Bug 1141539",
"url": "https://bugzilla.suse.com/1141539"
},
{
"category": "self",
"summary": "SUSE Bug 1158082",
"url": "https://bugzilla.suse.com/1158082"
},
{
"category": "self",
"summary": "SUSE Bug 1174206",
"url": "https://bugzilla.suse.com/1174206"
},
{
"category": "self",
"summary": "SUSE Bug 1175165",
"url": "https://bugzilla.suse.com/1175165"
},
{
"category": "self",
"summary": "SUSE Bug 1179444",
"url": "https://bugzilla.suse.com/1179444"
},
{
"category": "self",
"summary": "SUSE Bug 1186482",
"url": "https://bugzilla.suse.com/1186482"
},
{
"category": "self",
"summary": "SUSE Bug 1188601",
"url": "https://bugzilla.suse.com/1188601"
},
{
"category": "self",
"summary": "SUSE Bug 1190358",
"url": "https://bugzilla.suse.com/1190358"
},
{
"category": "self",
"summary": "SUSE Bug 1190428",
"url": "https://bugzilla.suse.com/1190428"
},
{
"category": "self",
"summary": "SUSE Bug 1191881",
"url": "https://bugzilla.suse.com/1191881"
},
{
"category": "self",
"summary": "SUSE Bug 1201420",
"url": "https://bugzilla.suse.com/1201420"
},
{
"category": "self",
"summary": "SUSE Bug 1203410",
"url": "https://bugzilla.suse.com/1203410"
},
{
"category": "self",
"summary": "SUSE Bug 1203935",
"url": "https://bugzilla.suse.com/1203935"
},
{
"category": "self",
"summary": "SUSE Bug 1207168",
"url": "https://bugzilla.suse.com/1207168"
},
{
"category": "self",
"summary": "SUSE Bug 1212051",
"url": "https://bugzilla.suse.com/1212051"
},
{
"category": "self",
"summary": "SUSE Bug 1217947",
"url": "https://bugzilla.suse.com/1217947"
},
{
"category": "self",
"summary": "SUSE Bug 1219169",
"url": "https://bugzilla.suse.com/1219169"
},
{
"category": "self",
"summary": "SUSE Bug 1220946",
"url": "https://bugzilla.suse.com/1220946"
},
{
"category": "self",
"summary": "SUSE Bug 1221816",
"url": "https://bugzilla.suse.com/1221816"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223432",
"url": "https://bugzilla.suse.com/1223432"
},
{
"category": "self",
"summary": "SUSE Bug 1223509",
"url": "https://bugzilla.suse.com/1223509"
},
{
"category": "self",
"summary": "SUSE Bug 1223512",
"url": "https://bugzilla.suse.com/1223512"
},
{
"category": "self",
"summary": "SUSE Bug 1223524",
"url": "https://bugzilla.suse.com/1223524"
},
{
"category": "self",
"summary": "SUSE Bug 1223626",
"url": "https://bugzilla.suse.com/1223626"
},
{
"category": "self",
"summary": "SUSE Bug 1223627",
"url": "https://bugzilla.suse.com/1223627"
},
{
"category": "self",
"summary": "SUSE Bug 1223712",
"url": "https://bugzilla.suse.com/1223712"
},
{
"category": "self",
"summary": "SUSE Bug 1223715",
"url": "https://bugzilla.suse.com/1223715"
},
{
"category": "self",
"summary": "SUSE Bug 1223744",
"url": "https://bugzilla.suse.com/1223744"
},
{
"category": "self",
"summary": "SUSE Bug 1223819",
"url": "https://bugzilla.suse.com/1223819"
},
{
"category": "self",
"summary": "SUSE Bug 1224095",
"url": "https://bugzilla.suse.com/1224095"
},
{
"category": "self",
"summary": "SUSE Bug 1224988",
"url": "https://bugzilla.suse.com/1224988"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1231885",
"url": "https://bugzilla.suse.com/1231885"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231941",
"url": "https://bugzilla.suse.com/1231941"
},
{
"category": "self",
"summary": "SUSE Bug 1232104",
"url": "https://bugzilla.suse.com/1232104"
},
{
"category": "self",
"summary": "SUSE Bug 1232147",
"url": "https://bugzilla.suse.com/1232147"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232163",
"url": "https://bugzilla.suse.com/1232163"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232262",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "self",
"summary": "SUSE Bug 1232416",
"url": "https://bugzilla.suse.com/1232416"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1234999",
"url": "https://bugzilla.suse.com/1234999"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235538",
"url": "https://bugzilla.suse.com/1235538"
},
{
"category": "self",
"summary": "SUSE Bug 1235965",
"url": "https://bugzilla.suse.com/1235965"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237738",
"url": "https://bugzilla.suse.com/1237738"
},
{
"category": "self",
"summary": "SUSE Bug 1237758",
"url": "https://bugzilla.suse.com/1237758"
},
{
"category": "self",
"summary": "SUSE Bug 1237766",
"url": "https://bugzilla.suse.com/1237766"
},
{
"category": "self",
"summary": "SUSE Bug 1237778",
"url": "https://bugzilla.suse.com/1237778"
},
{
"category": "self",
"summary": "SUSE Bug 1237783",
"url": "https://bugzilla.suse.com/1237783"
},
{
"category": "self",
"summary": "SUSE Bug 1237788",
"url": "https://bugzilla.suse.com/1237788"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237982",
"url": "https://bugzilla.suse.com/1237982"
},
{
"category": "self",
"summary": "SUSE Bug 1238006",
"url": "https://bugzilla.suse.com/1238006"
},
{
"category": "self",
"summary": "SUSE Bug 1238033",
"url": "https://bugzilla.suse.com/1238033"
},
{
"category": "self",
"summary": "SUSE Bug 1238041",
"url": "https://bugzilla.suse.com/1238041"
},
{
"category": "self",
"summary": "SUSE Bug 1238107",
"url": "https://bugzilla.suse.com/1238107"
},
{
"category": "self",
"summary": "SUSE Bug 1238148",
"url": "https://bugzilla.suse.com/1238148"
},
{
"category": "self",
"summary": "SUSE Bug 1238256",
"url": "https://bugzilla.suse.com/1238256"
},
{
"category": "self",
"summary": "SUSE Bug 1238260",
"url": "https://bugzilla.suse.com/1238260"
},
{
"category": "self",
"summary": "SUSE Bug 1238270",
"url": "https://bugzilla.suse.com/1238270"
},
{
"category": "self",
"summary": "SUSE Bug 1238275",
"url": "https://bugzilla.suse.com/1238275"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22543 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37159 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47634 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-47644 page",
"url": "https://www.suse.com/security/cve/CVE-2021-47644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2991 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48636 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48650 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48953 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48975 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49006 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49076 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49080 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49089 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49124 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49134 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49135 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49151 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49178 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49182 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49201 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49247 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49490 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49626 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-49661 page",
"url": "https://www.suse.com/security/cve/CVE-2022-49661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0394 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52853 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6606 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26929 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26930 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26931 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27388 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49867 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49963 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49963/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49975 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50067 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53217 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56688 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57896 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-11T10:55:11Z",
"generator": {
"date": "2025-03-11T10:55:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0834-1",
"initial_release_date": "2025-03-11T10:55:11Z",
"revision_history": [
{
"date": "2025-03-11T10:55:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"product_id": "cluster-md-kmp-default-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.250.1.aarch64",
"product_id": "dlm-kmp-default-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"product_id": "gfs2-kmp-default-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-default-4.12.14-122.250.1.aarch64",
"product_id": "kernel-default-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-default-base-4.12.14-122.250.1.aarch64",
"product_id": "kernel-default-base-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-default-devel-4.12.14-122.250.1.aarch64",
"product_id": "kernel-default-devel-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-default-extra-4.12.14-122.250.1.aarch64",
"product_id": "kernel-default-extra-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.aarch64",
"product_id": "kernel-default-kgraft-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-obs-build-4.12.14-122.250.1.aarch64",
"product_id": "kernel-obs-build-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.250.1.aarch64",
"product_id": "kernel-obs-qa-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-syms-4.12.14-122.250.1.aarch64",
"product_id": "kernel-syms-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-vanilla-4.12.14-122.250.1.aarch64",
"product_id": "kernel-vanilla-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.250.1.aarch64",
"product_id": "kernel-vanilla-base-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.250.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.250.1.aarch64",
"product_id": "kernel-vanilla-devel-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.250.1.aarch64",
"product_id": "kselftests-kmp-default-4.12.14-122.250.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"product_id": "ocfs2-kmp-default-4.12.14-122.250.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-122.250.1.noarch",
"product_id": "kernel-devel-4.12.14-122.250.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-122.250.1.noarch",
"product_id": "kernel-docs-4.12.14-122.250.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-122.250.1.noarch",
"product_id": "kernel-docs-html-4.12.14-122.250.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-122.250.1.noarch",
"product_id": "kernel-macros-4.12.14-122.250.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-source-4.12.14-122.250.1.noarch",
"product_id": "kernel-source-4.12.14-122.250.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-122.250.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-122.250.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-122.250.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"product_id": "dlm-kmp-default-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"product_id": "gfs2-kmp-default-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-debug-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-debug-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-debug-base-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-debug-base-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-debug-devel-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-debug-devel-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-base-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-base-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-devel-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-extra-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-kgraft-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-obs-build-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-obs-qa-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-syms-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-syms-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-vanilla-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-vanilla-base-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.250.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.250.1.ppc64le",
"product_id": "kselftests-kmp-default-4.12.14-122.250.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.12.14-122.250.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"product_id": "cluster-md-kmp-default-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.250.1.s390x",
"product": {
"name": "dlm-kmp-default-4.12.14-122.250.1.s390x",
"product_id": "dlm-kmp-default-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.250.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.s390x",
"product_id": "gfs2-kmp-default-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-base-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-base-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-devel-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-devel-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-extra-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-extra-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-kgraft-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-default-man-4.12.14-122.250.1.s390x",
"product_id": "kernel-default-man-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-obs-build-4.12.14-122.250.1.s390x",
"product_id": "kernel-obs-build-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-obs-qa-4.12.14-122.250.1.s390x",
"product_id": "kernel-obs-qa-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-syms-4.12.14-122.250.1.s390x",
"product_id": "kernel-syms-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-vanilla-4.12.14-122.250.1.s390x",
"product_id": "kernel-vanilla-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.250.1.s390x",
"product_id": "kernel-vanilla-base-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.250.1.s390x",
"product_id": "kernel-vanilla-devel-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.12.14-122.250.1.s390x",
"product_id": "kernel-zfcpdump-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-man-4.12.14-122.250.1.s390x",
"product": {
"name": "kernel-zfcpdump-man-4.12.14-122.250.1.s390x",
"product_id": "kernel-zfcpdump-man-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.250.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.250.1.s390x",
"product_id": "kselftests-kmp-default-4.12.14-122.250.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"product_id": "ocfs2-kmp-default-4.12.14-122.250.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"product_id": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.250.1.x86_64",
"product_id": "dlm-kmp-default-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"product_id": "gfs2-kmp-default-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-debug-4.12.14-122.250.1.x86_64",
"product_id": "kernel-debug-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-122.250.1.x86_64",
"product_id": "kernel-debug-base-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-122.250.1.x86_64",
"product_id": "kernel-debug-devel-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-base-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-extra-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-extra-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-kgraft-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-122.250.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-122.250.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-122.250.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-122.250.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.250.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-122.250.1.x86_64",
"product_id": "kernel-syms-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-122.250.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.250.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.250.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.250.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.250.1.x86_64",
"product_id": "kselftests-kmp-default-4.12.14-122.250.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"product_id": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le"
},
"product_reference": "dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x"
},
"product_reference": "dlm-kmp-default-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.250.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.250.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22543"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22543",
"url": "https://www.suse.com/security/cve/CVE-2021-22543"
},
{
"category": "external",
"summary": "SUSE Bug 1186482 for CVE-2021-22543",
"url": "https://bugzilla.suse.com/1186482"
},
{
"category": "external",
"summary": "SUSE Bug 1186483 for CVE-2021-22543",
"url": "https://bugzilla.suse.com/1186483"
},
{
"category": "external",
"summary": "SUSE Bug 1190276 for CVE-2021-22543",
"url": "https://bugzilla.suse.com/1190276"
},
{
"category": "external",
"summary": "SUSE Bug 1197660 for CVE-2021-22543",
"url": "https://bugzilla.suse.com/1197660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2021-22543"
},
{
"cve": "CVE-2021-37159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37159"
}
],
"notes": [
{
"category": "general",
"text": "hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37159",
"url": "https://www.suse.com/security/cve/CVE-2021-37159"
},
{
"category": "external",
"summary": "SUSE Bug 1188601 for CVE-2021-37159",
"url": "https://bugzilla.suse.com/1188601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2021-37159"
},
{
"cve": "CVE-2021-47634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl\n\nHulk Robot reported a KASAN report about use-after-free:\n ==================================================================\n BUG: KASAN: use-after-free in __list_del_entry_valid+0x13d/0x160\n Read of size 8 at addr ffff888035e37d98 by task ubiattach/1385\n [...]\n Call Trace:\n klist_dec_and_del+0xa7/0x4a0\n klist_put+0xc7/0x1a0\n device_del+0x4d4/0xed0\n cdev_device_del+0x1a/0x80\n ubi_attach_mtd_dev+0x2951/0x34b0 [ubi]\n ctrl_cdev_ioctl+0x286/0x2f0 [ubi]\n\n Allocated by task 1414:\n device_add+0x60a/0x18b0\n cdev_device_add+0x103/0x170\n ubi_create_volume+0x1118/0x1a10 [ubi]\n ubi_cdev_ioctl+0xb7f/0x1ba0 [ubi]\n\n Freed by task 1385:\n cdev_device_del+0x1a/0x80\n ubi_remove_volume+0x438/0x6c0 [ubi]\n ubi_cdev_ioctl+0xbf4/0x1ba0 [ubi]\n [...]\n ==================================================================\n\nThe lock held by ctrl_cdev_ioctl is ubi_devices_mutex, but the lock held\nby ubi_cdev_ioctl is ubi-\u003edevice_mutex. Therefore, the two locks can be\nconcurrent.\n\nctrl_cdev_ioctl contains two operations: ubi_attach and ubi_detach.\nubi_detach is bug-free because it uses reference counting to prevent\nconcurrency. However, uif_init and uif_close in ubi_attach may race with\nubi_cdev_ioctl.\n\nuif_init will race with ubi_cdev_ioctl as in the following stack.\n cpu1 cpu2 cpu3\n_______________________|________________________|______________________\nctrl_cdev_ioctl\n ubi_attach_mtd_dev\n uif_init\n ubi_cdev_ioctl\n ubi_create_volume\n cdev_device_add\n ubi_add_volume\n // sysfs exist\n kill_volumes\n ubi_cdev_ioctl\n ubi_remove_volume\n cdev_device_del\n // first free\n ubi_free_volume\n cdev_del\n // double free\n cdev_device_del\n\nAnd uif_close will race with ubi_cdev_ioctl as in the following stack.\n cpu1 cpu2 cpu3\n_______________________|________________________|______________________\nctrl_cdev_ioctl\n ubi_attach_mtd_dev\n uif_init\n ubi_cdev_ioctl\n ubi_create_volume\n cdev_device_add\n ubi_debugfs_init_dev\n //error goto out_uif;\n uif_close\n kill_volumes\n ubi_cdev_ioctl\n ubi_remove_volume\n cdev_device_del\n // first free\n ubi_free_volume\n // double free\n\nThe cause of this problem is that commit 714fb87e8bc0 make device\n\"available\" before it becomes accessible via sysfs. Therefore, we\nroll back the modification. We will fix the race condition between\nubi device creation and udev by removing ubi_get_device in\nvol_attribute_show and dev_attribute_show.This avoids accessing\nuninitialized ubi_devices[ubi_num].\n\nubi_get_device is used to prevent devices from being deleted during\nsysfs execution. However, now kernfs ensures that devices will not\nbe deleted before all reference counting are released.\nThe key process is shown in the following stack.\n\ndevice_del\n device_remove_attrs\n device_remove_groups\n sysfs_remove_groups\n sysfs_remove_group\n remove_files\n kernfs_remove_by_name\n kernfs_remove_by_name_ns\n __kernfs_remove\n kernfs_drain",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47634",
"url": "https://www.suse.com/security/cve/CVE-2021-47634"
},
{
"category": "external",
"summary": "SUSE Bug 1237758 for CVE-2021-47634",
"url": "https://bugzilla.suse.com/1237758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2021-47634"
},
{
"cve": "CVE-2021-47644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-47644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging: media: zoran: move videodev alloc\n\nMove some code out of zr36057_init() and create new functions for handling\nzr-\u003evideo_dev. This permit to ease code reading and fix a zr-\u003evideo_dev\nmemory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-47644",
"url": "https://www.suse.com/security/cve/CVE-2021-47644"
},
{
"category": "external",
"summary": "SUSE Bug 1237766 for CVE-2021-47644",
"url": "https://bugzilla.suse.com/1237766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "low"
}
],
"title": "CVE-2021-47644"
},
{
"cve": "CVE-2022-2991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2991"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow was found in the Linux kernel\u0027s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2991",
"url": "https://www.suse.com/security/cve/CVE-2022-2991"
},
{
"category": "external",
"summary": "SUSE Bug 1201420 for CVE-2022-2991",
"url": "https://bugzilla.suse.com/1201420"
},
{
"category": "external",
"summary": "SUSE Bug 1203993 for CVE-2022-2991",
"url": "https://bugzilla.suse.com/1203993"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2022-2991",
"url": "https://bugzilla.suse.com/1211495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2022-2991"
},
{
"cve": "CVE-2022-48636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup\n\nFix Oops in dasd_alias_get_start_dev() function caused by the pavgroup\npointer being NULL.\n\nThe pavgroup pointer is checked on the entrance of the function but\nwithout the lcu-\u003elock being held. Therefore there is a race window\nbetween dasd_alias_get_start_dev() and _lcu_update() which sets\npavgroup to NULL with the lcu-\u003elock held.\n\nFix by checking the pavgroup pointer with lcu-\u003elock held.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48636",
"url": "https://www.suse.com/security/cve/CVE-2022-48636"
},
{
"category": "external",
"summary": "SUSE Bug 1223512 for CVE-2022-48636",
"url": "https://bugzilla.suse.com/1223512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-48636"
},
{
"cve": "CVE-2022-48650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()\n\nCommit 8f394da36a36 (\"scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\")\nmade the __qlt_24xx_handle_abts() function return early if\ntcm_qla2xxx_find_cmd_by_tag() didn\u0027t find a command, but it missed to clean\nup the allocated memory for the management command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48650",
"url": "https://www.suse.com/security/cve/CVE-2022-48650"
},
{
"category": "external",
"summary": "SUSE Bug 1223509 for CVE-2022-48650",
"url": "https://bugzilla.suse.com/1223509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-48650"
},
{
"cve": "CVE-2022-48664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix hang during unmount when stopping a space reclaim worker\n\nOften when running generic/562 from fstests we can hang during unmount,\nresulting in a trace like this:\n\n Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00\n Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds.\n Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1\n Sep 07 11:55:32 debian9 kernel: \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n Sep 07 11:55:32 debian9 kernel: task:umount state:D stack: 0 pid:49438 ppid: 25683 flags:0x00004000\n Sep 07 11:55:32 debian9 kernel: Call Trace:\n Sep 07 11:55:32 debian9 kernel: \u003cTASK\u003e\n Sep 07 11:55:32 debian9 kernel: __schedule+0x3c8/0xec0\n Sep 07 11:55:32 debian9 kernel: ? rcu_read_lock_sched_held+0x12/0x70\n Sep 07 11:55:32 debian9 kernel: schedule+0x5d/0xf0\n Sep 07 11:55:32 debian9 kernel: schedule_timeout+0xf1/0x130\n Sep 07 11:55:32 debian9 kernel: ? lock_release+0x224/0x4a0\n Sep 07 11:55:32 debian9 kernel: ? lock_acquired+0x1a0/0x420\n Sep 07 11:55:32 debian9 kernel: ? trace_hardirqs_on+0x2c/0xd0\n Sep 07 11:55:32 debian9 kernel: __wait_for_common+0xac/0x200\n Sep 07 11:55:32 debian9 kernel: ? usleep_range_state+0xb0/0xb0\n Sep 07 11:55:32 debian9 kernel: __flush_work+0x26d/0x530\n Sep 07 11:55:32 debian9 kernel: ? flush_workqueue_prep_pwqs+0x140/0x140\n Sep 07 11:55:32 debian9 kernel: ? trace_clock_local+0xc/0x30\n Sep 07 11:55:32 debian9 kernel: __cancel_work_timer+0x11f/0x1b0\n Sep 07 11:55:32 debian9 kernel: ? close_ctree+0x12b/0x5b3 [btrfs]\n Sep 07 11:55:32 debian9 kernel: ? __trace_bputs+0x10b/0x170\n Sep 07 11:55:32 debian9 kernel: close_ctree+0x152/0x5b3 [btrfs]\n Sep 07 11:55:32 debian9 kernel: ? evict_inodes+0x166/0x1c0\n Sep 07 11:55:32 debian9 kernel: generic_shutdown_super+0x71/0x120\n Sep 07 11:55:32 debian9 kernel: kill_anon_super+0x14/0x30\n Sep 07 11:55:32 debian9 kernel: btrfs_kill_super+0x12/0x20 [btrfs]\n Sep 07 11:55:32 debian9 kernel: deactivate_locked_super+0x2e/0xa0\n Sep 07 11:55:32 debian9 kernel: cleanup_mnt+0x100/0x160\n Sep 07 11:55:32 debian9 kernel: task_work_run+0x59/0xa0\n Sep 07 11:55:32 debian9 kernel: exit_to_user_mode_prepare+0x1a6/0x1b0\n Sep 07 11:55:32 debian9 kernel: syscall_exit_to_user_mode+0x16/0x40\n Sep 07 11:55:32 debian9 kernel: do_syscall_64+0x48/0x90\n Sep 07 11:55:32 debian9 kernel: entry_SYSCALL_64_after_hwframe+0x63/0xcd\n Sep 07 11:55:32 debian9 kernel: RIP: 0033:0x7fcde59a57a7\n Sep 07 11:55:32 debian9 kernel: RSP: 002b:00007ffe914217c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\n Sep 07 11:55:32 debian9 kernel: RAX: 0000000000000000 RBX: 00007fcde5ae8264 RCX: 00007fcde59a57a7\n Sep 07 11:55:32 debian9 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055b57556cdd0\n Sep 07 11:55:32 debian9 kernel: RBP: 000055b57556cba0 R08: 0000000000000000 R09: 00007ffe91420570\n Sep 07 11:55:32 debian9 kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n Sep 07 11:55:32 debian9 kernel: R13: 000055b57556cdd0 R14: 000055b57556ccb8 R15: 0000000000000000\n Sep 07 11:55:32 debian9 kernel: \u003c/TASK\u003e\n\nWhat happens is the following:\n\n1) The cleaner kthread tries to start a transaction to delete an unused\n block group, but the metadata reservation can not be satisfied right\n away, so a reservation ticket is created and it starts the async\n metadata reclaim task (fs_info-\u003easync_reclaim_work);\n\n2) Writeback for all the filler inodes with an i_size of 2K starts\n (generic/562 creates a lot of 2K files with the goal of filling\n metadata space). We try to create an inline extent for them, but we\n fail when trying to insert the inline extent with -ENOSPC (at\n cow_file_range_inline()) - since this is not critical, we fallback\n to non-inline mode (back to cow_file_range()), reserve extents\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48664",
"url": "https://www.suse.com/security/cve/CVE-2022-48664"
},
{
"category": "external",
"summary": "SUSE Bug 1223524 for CVE-2022-48664",
"url": "https://bugzilla.suse.com/1223524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-48664"
},
{
"cve": "CVE-2022-48953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48953",
"url": "https://www.suse.com/security/cve/CVE-2022-48953"
},
{
"category": "external",
"summary": "SUSE Bug 1231941 for CVE-2022-48953",
"url": "https://bugzilla.suse.com/1231941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-48953"
},
{
"cve": "CVE-2022-48975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix memory leak in gpiochip_setup_dev()\n\nHere is a backtrace report about memory leak detected in\ngpiochip_setup_dev():\n\nunreferenced object 0xffff88810b406400 (size 512):\n comm \"python3\", pid 1682, jiffies 4295346908 (age 24.090s)\n backtrace:\n kmalloc_trace\n device_add\t\tdevice_private_init at drivers/base/core.c:3361\n\t\t\t(inlined by) device_add at drivers/base/core.c:3411\n cdev_device_add\n gpiolib_cdev_register\n gpiochip_setup_dev\n gpiochip_add_data_with_key\n\ngcdev_register() \u0026 gcdev_unregister() would call device_add() \u0026\ndevice_del() (no matter CONFIG_GPIO_CDEV is enabled or not) to\nregister/unregister device.\n\nHowever, if device_add() succeeds, some resource (like\nstruct device_private allocated by device_private_init())\nis not released by device_del().\n\nTherefore, after device_add() succeeds by gcdev_register(), it\nneeds to call put_device() to release resource in the error handle\npath.\n\nHere we move forward the register of release function, and let it\nrelease every piece of resource by put_device() instead of kfree().\n\nWhile at it, fix another subtle issue, i.e. when gc-\u003engpio is equal\nto 0, we still call kcalloc() and, in case of further error, kfree()\non the ZERO_PTR pointer, which is not NULL. It\u0027s not a bug per se,\nbut rather waste of the resources and potentially wrong expectation\nabout contents of the gdev-\u003edescs variable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48975",
"url": "https://www.suse.com/security/cve/CVE-2022-48975"
},
{
"category": "external",
"summary": "SUSE Bug 1231885 for CVE-2022-48975",
"url": "https://bugzilla.suse.com/1231885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-48975"
},
{
"cve": "CVE-2022-49006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free buffers when a used dynamic event is removed\n\nAfter 65536 dynamic events have been added and removed, the \"type\" field\nof the event then uses the first type number that is available (not\ncurrently used by other events). A type number is the identifier of the\nbinary blobs in the tracing ring buffer (known as events) to map them to\nlogic that can parse the binary blob.\n\nThe issue is that if a dynamic event (like a kprobe event) is traced and\nis in the ring buffer, and then that event is removed (because it is\ndynamic, which means it can be created and destroyed), if another dynamic\nevent is created that has the same number that new event\u0027s logic on\nparsing the binary blob will be used.\n\nTo show how this can be an issue, the following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # for i in `seq 65536`; do\n echo \u0027p:kprobes/foo do_sys_openat2 $arg1:u32\u0027 \u003e kprobe_events\n # done\n\nFor every iteration of the above, the writing to the kprobe_events will\nremove the old event and create a new one (with the same format) and\nincrease the type number to the next available on until the type number\nreaches over 65535 which is the max number for the 16 bit type. After it\nreaches that number, the logic to allocate a new number simply looks for\nthe next available number. When an dynamic event is removed, that number\nis then available to be reused by the next dynamic event created. That is,\nonce the above reaches the max number, the number assigned to the event in\nthat loop will remain the same.\n\nNow that means deleting one dynamic event and created another will reuse\nthe previous events type number. This is where bad things can happen.\nAfter the above loop finishes, the kprobes/foo event which reads the\ndo_sys_openat2 function call\u0027s first parameter as an integer.\n\n # echo 1 \u003e kprobes/foo/enable\n # cat /etc/passwd \u003e /dev/null\n # cat trace\n cat-2211 [005] .... 2007.849603: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849620: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849838: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n cat-2211 [005] .... 2007.849880: foo: (do_sys_openat2+0x0/0x130) arg1=4294967196\n # echo 0 \u003e kprobes/foo/enable\n\nNow if we delete the kprobe and create a new one that reads a string:\n\n # echo \u0027p:kprobes/foo do_sys_openat2 +0($arg2):string\u0027 \u003e kprobe_events\n\nAnd now we can the trace:\n\n # cat trace\n sendmail-1942 [002] ..... 530.136320: foo: (do_sys_openat2+0x0/0x240) arg1= cat-2046 [004] ..... 530.930817: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.930961: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934278: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\"\n cat-2046 [004] ..... 530.934563: foo: (do_sys_openat2+0x0/0x240) arg1=\"\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\ufffd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49006",
"url": "https://www.suse.com/security/cve/CVE-2022-49006"
},
{
"category": "external",
"summary": "SUSE Bug 1232163 for CVE-2022-49006",
"url": "https://bugzilla.suse.com/1232163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49006"
},
{
"cve": "CVE-2022-49076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix use-after-free bug for mm struct\n\nUnder certain conditions, such as MPI_Abort, the hfi1 cleanup code may\nrepresent the last reference held on the task mm.\nhfi1_mmu_rb_unregister() then drops the last reference and the mm is freed\nbefore the final use in hfi1_release_user_pages(). A new task may\nallocate the mm structure while it is still being used, resulting in\nproblems. One manifestation is corruption of the mmap_sem counter leading\nto a hang in down_write(). Another is corruption of an mm struct that is\nin use by another task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49076",
"url": "https://www.suse.com/security/cve/CVE-2022-49076"
},
{
"category": "external",
"summary": "SUSE Bug 1237738 for CVE-2022-49076",
"url": "https://bugzilla.suse.com/1237738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49076"
},
{
"cve": "CVE-2022-49080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix mpol_new leak in shared_policy_replace\n\nIf mpol_new is allocated but not used in restart loop, mpol_new will be\nfreed via mpol_put before returning to the caller. But refcnt is not\ninitialized yet, so mpol_put could not do the right things and might\nleak the unused mpol_new. This would happen if mempolicy was updated on\nthe shared shmem file while the sp-\u003elock has been dropped during the\nmemory allocation.\n\nThis issue could be triggered easily with the below code snippet if\nthere are many processes doing the below work at the same time:\n\n shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT);\n shm = shmat(shmid, 0, 0);\n loop many times {\n mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0);\n mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask,\n maxnode, 0);\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49080",
"url": "https://www.suse.com/security/cve/CVE-2022-49080"
},
{
"category": "external",
"summary": "SUSE Bug 1238033 for CVE-2022-49080",
"url": "https://bugzilla.suse.com/1238033"
},
{
"category": "external",
"summary": "SUSE Bug 1238324 for CVE-2022-49080",
"url": "https://bugzilla.suse.com/1238324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2022-49080"
},
{
"cve": "CVE-2022-49089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition\n\nThe documentation of the function rvt_error_qp says both r_lock and s_lock\nneed to be held when calling that function. It also asserts using lockdep\nthat both of those locks are held. However, the commit I referenced in\nFixes accidentally makes the call to rvt_error_qp in rvt_ruc_loopback no\nlonger covered by r_lock. This results in the lockdep assertion failing\nand also possibly in a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49089",
"url": "https://www.suse.com/security/cve/CVE-2022-49089"
},
{
"category": "external",
"summary": "SUSE Bug 1238041 for CVE-2022-49089",
"url": "https://bugzilla.suse.com/1238041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49089"
},
{
"cve": "CVE-2022-49124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mce: Work around an erratum on fast string copy instructions\n\nA rare kernel panic scenario can happen when the following conditions\nare met due to an erratum on fast string copy instructions:\n\n1) An uncorrected error.\n2) That error must be in first cache line of a page.\n3) Kernel must execute page_copy from the page immediately before that\npage.\n\nThe fast string copy instructions (\"REP; MOVS*\") could consume an\nuncorrectable memory error in the cache line _right after_ the desired\nregion to copy and raise an MCE.\n\nBit 0 of MSR_IA32_MISC_ENABLE can be cleared to disable fast string\ncopy and will avoid such spurious machine checks. However, that is less\npreferable due to the permanent performance impact. Considering memory\npoison is rare, it\u0027s desirable to keep fast string copy enabled until an\nMCE is seen.\n\nIntel has confirmed the following:\n1. The CPU erratum of fast string copy only applies to Skylake,\nCascade Lake and Cooper Lake generations.\n\nDirectly return from the MCE handler:\n2. Will result in complete execution of the \"REP; MOVS*\" with no data\nloss or corruption.\n3. Will not result in another MCE firing on the next poisoned cache line\ndue to \"REP; MOVS*\".\n4. Will resume execution from a correct point in code.\n5. Will result in the same instruction that triggered the MCE firing a\nsecond MCE immediately for any other software recoverable data fetch\nerrors.\n6. Is not safe without disabling the fast string copy, as the next fast\nstring copy of the same buffer on the same CPU would result in a PANIC\nMCE.\n\nThis should mitigate the erratum completely with the only caveat that\nthe fast string copy is disabled on the affected hyper thread thus\nperformance degradation.\n\nThis is still better than the OS crashing on MCEs raised on an\nirrelevant process due to \"REP; MOVS*\u0027 accesses in a kernel context,\ne.g., copy_page.\n\n\nInjected errors on 1st cache line of 8 anonymous pages of process\n\u0027proc1\u0027 and observed MCE consumption from \u0027proc2\u0027 with no panic\n(directly returned).\n\nWithout the fix, the host panicked within a few minutes on a\nrandom \u0027proc2\u0027 process due to kernel access from copy_page.\n\n [ bp: Fix comment style + touch ups, zap an unlikely(), improve the\n quirk function\u0027s readability. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49124",
"url": "https://www.suse.com/security/cve/CVE-2022-49124"
},
{
"category": "external",
"summary": "SUSE Bug 1238148 for CVE-2022-49124",
"url": "https://bugzilla.suse.com/1238148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49124"
},
{
"cve": "CVE-2022-49134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49134"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum: Guard against invalid local ports\n\nWhen processing events generated by the device\u0027s firmware, the driver\nprotects itself from events reported for non-existent local ports, but\nnot for the CPU port (local port 0), which exists, but does not have all\nthe fields as any local port.\n\nThis can result in a NULL pointer dereference when trying access\n\u0027struct mlxsw_sp_port\u0027 fields which are not initialized for CPU port.\n\nCommit 63b08b1f6834 (\"mlxsw: spectrum: Protect driver from buggy firmware\")\nalready handled such issue by bailing early when processing a PUDE event\nreported for the CPU port.\n\nGeneralize the approach by moving the check to a common function and\nmaking use of it in all relevant places.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49134",
"url": "https://www.suse.com/security/cve/CVE-2022-49134"
},
{
"category": "external",
"summary": "SUSE Bug 1237982 for CVE-2022-49134",
"url": "https://bugzilla.suse.com/1237982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49134"
},
{
"cve": "CVE-2022-49135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak\n\n[why]\nResource release is needed on the error handling path\nto prevent memory leak.\n\n[how]\nFix this by adding kfree on the error handling path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49135",
"url": "https://www.suse.com/security/cve/CVE-2022-49135"
},
{
"category": "external",
"summary": "SUSE Bug 1238006 for CVE-2022-49135",
"url": "https://bugzilla.suse.com/1238006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49135"
},
{
"cve": "CVE-2022-49151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. We should check that in endpoint is actually present to\nprevent this warning.\n\nFound pipes are now saved to struct mcba_priv and code uses them\ndirectly instead of making pipes in place.\n\nFail log:\n\n| usb 5-1: BOGUS urb xfer, pipe 3 != type 1\n| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| Modules linked in:\n| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0\n| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\n| Workqueue: usb_hub_wq hub_event\n| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| ...\n| Call Trace:\n| \u003cTASK\u003e\n| mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]\n| mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858\n| usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n| call_driver_probe drivers/base/dd.c:517 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49151",
"url": "https://www.suse.com/security/cve/CVE-2022-49151"
},
{
"category": "external",
"summary": "SUSE Bug 1237778 for CVE-2022-49151",
"url": "https://bugzilla.suse.com/1237778"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49151"
},
{
"cve": "CVE-2022-49178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/mspro_block: fix handling of read-only devices\n\nUse set_disk_ro to propagate the read-only state to the block layer\ninstead of checking for it in -\u003eopen and leaking a reference in case\nof a read-only device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49178",
"url": "https://www.suse.com/security/cve/CVE-2022-49178"
},
{
"category": "external",
"summary": "SUSE Bug 1238107 for CVE-2022-49178",
"url": "https://bugzilla.suse.com/1238107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49178"
},
{
"cve": "CVE-2022-49182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add vlan list lock to protect vlan list\n\nWhen adding port base VLAN, vf VLAN need to remove from HW and modify\nthe vlan state in vf VLAN list as false. If the periodicity task is\nfreeing the same node, it may cause \"use after free\" error.\nThis patch adds a vlan list lock to protect the vlan list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49182",
"url": "https://www.suse.com/security/cve/CVE-2022-49182"
},
{
"category": "external",
"summary": "SUSE Bug 1238260 for CVE-2022-49182",
"url": "https://bugzilla.suse.com/1238260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49182"
},
{
"cve": "CVE-2022-49201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: fix race between xmit and reset\n\nThere is a race between reset and the transmit paths that can lead to\nibmvnic_xmit() accessing an scrq after it has been freed in the reset\npath. It can result in a crash like:\n\n\tKernel attempted to read user page (0) - exploit attempt? (uid: 0)\n\tBUG: Kernel NULL pointer dereference on read at 0x00000000\n\tFaulting instruction address: 0xc0080000016189f8\n\tOops: Kernel access of bad area, sig: 11 [#1]\n\t...\n\tNIP [c0080000016189f8] ibmvnic_xmit+0x60/0xb60 [ibmvnic]\n\tLR [c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\tCall Trace:\n\t[c008000001618f08] ibmvnic_xmit+0x570/0xb60 [ibmvnic] (unreliable)\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c9cfcc] sch_direct_xmit+0xec/0x330\n\t[c000000000bfe640] __dev_xmit_skb+0x3a0/0x9d0\n\t[c000000000c00ad4] __dev_queue_xmit+0x394/0x730\n\t[c008000002db813c] __bond_start_xmit+0x254/0x450 [bonding]\n\t[c008000002db8378] bond_start_xmit+0x40/0xc0 [bonding]\n\t[c000000000c0046c] dev_hard_start_xmit+0x11c/0x280\n\t[c000000000c00ca4] __dev_queue_xmit+0x564/0x730\n\t[c000000000cf97e0] neigh_hh_output+0xd0/0x180\n\t[c000000000cfa69c] ip_finish_output2+0x31c/0x5c0\n\t[c000000000cfd244] __ip_queue_xmit+0x194/0x4f0\n\t[c000000000d2a3c4] __tcp_transmit_skb+0x434/0x9b0\n\t[c000000000d2d1e0] __tcp_retransmit_skb+0x1d0/0x6a0\n\t[c000000000d2d984] tcp_retransmit_skb+0x34/0x130\n\t[c000000000d310e8] tcp_retransmit_timer+0x388/0x6d0\n\t[c000000000d315ec] tcp_write_timer_handler+0x1bc/0x330\n\t[c000000000d317bc] tcp_write_timer+0x5c/0x200\n\t[c000000000243270] call_timer_fn+0x50/0x1c0\n\t[c000000000243704] __run_timers.part.0+0x324/0x460\n\t[c000000000243894] run_timer_softirq+0x54/0xa0\n\t[c000000000ea713c] __do_softirq+0x15c/0x3e0\n\t[c000000000166258] __irq_exit_rcu+0x158/0x190\n\t[c000000000166420] irq_exit+0x20/0x40\n\t[c00000000002853c] timer_interrupt+0x14c/0x2b0\n\t[c000000000009a00] decrementer_common_virt+0x210/0x220\n\t--- interrupt: 900 at plpar_hcall_norets_notrace+0x18/0x2c\n\nThe immediate cause of the crash is the access of tx_scrq in the following\nsnippet during a reset, where the tx_scrq can be either NULL or an address\nthat will soon be invalid:\n\n\tibmvnic_xmit()\n\t{\n\t\t...\n\t\ttx_scrq = adapter-\u003etx_scrq[queue_num];\n\t\ttxq = netdev_get_tx_queue(netdev, queue_num);\n\t\tind_bufp = \u0026tx_scrq-\u003eind_buf;\n\n\t\tif (test_bit(0, \u0026adapter-\u003eresetting)) {\n\t\t...\n\t}\n\nBut beyond that, the call to ibmvnic_xmit() itself is not safe during a\nreset and the reset path attempts to avoid this by stopping the queue in\nibmvnic_cleanup(). However just after the queue was stopped, an in-flight\nibmvnic_complete_tx() could have restarted the queue even as the reset is\nprogressing.\n\nSince the queue was restarted we could get a call to ibmvnic_xmit() which\ncan then access the bad tx_scrq (or other fields).\n\nWe cannot however simply have ibmvnic_complete_tx() check the -\u003eresetting\nbit and skip starting the queue. This can race at the \"back-end\" of a good\nreset which just restarted the queue but has not cleared the -\u003eresetting\nbit yet. If we skip restarting the queue due to -\u003eresetting being true,\nthe queue would remain stopped indefinitely potentially leading to transmit\ntimeouts.\n\nIOW -\u003eresetting is too broad for this purpose. Instead use a new flag\nthat indicates whether or not the queues are active. Only the open/\nreset paths control when the queues are active. ibmvnic_complete_tx()\nand others wake up the queue only if the queue is marked active.\n\nSo we will have:\n\tA. reset/open thread in ibmvnic_cleanup() and __ibmvnic_open()\n\n\t\t-\u003eresetting = true\n\t\t-\u003etx_queues_active = false\n\t\tdisable tx queues\n\t\t...\n\t\t-\u003etx_queues_active = true\n\t\tstart tx queues\n\n\tB. Tx interrupt in ibmvnic_complete_tx():\n\n\t\tif (-\u003etx_queues_active)\n\t\t\tnetif_wake_subqueue();\n\nTo ensure that -\u003etx_queues_active and state of the queues are consistent,\nwe need a lock which:\n\n\t- must also be taken in the interrupt path (ibmvnic_complete_tx())\n\t- shared across the multiple\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49201",
"url": "https://www.suse.com/security/cve/CVE-2022-49201"
},
{
"category": "external",
"summary": "SUSE Bug 1238256 for CVE-2022-49201",
"url": "https://bugzilla.suse.com/1238256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49201"
},
{
"cve": "CVE-2022-49247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED\n\nIf the callback \u0027start_streaming\u0027 fails, then all\nqueued buffers in the driver should be returned with\nstate \u0027VB2_BUF_STATE_QUEUED\u0027. Currently, they are\nreturned with \u0027VB2_BUF_STATE_ERROR\u0027 which is wrong.\nFix this. This also fixes the warning:\n\n[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6\n[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14\n[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)\n[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]\n[ 65.592395] sp : ffff800012bc3ad0\n[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8\n[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612\n[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0\n[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff\n[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78\n[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce\n[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228\n[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78\n[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880\n[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0\n[ 65.598940] Call trace:\n[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]\n[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]\n[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]\n[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]\n[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]\n[ 65.601977] video_usercopy+0x320/0x828 [videodev]\n[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]\n[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]\n[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0\n[ 65.603576] invoke_syscall+0x54/0x118\n[ 65.603911] el0_svc_common.constprop.3+0x84/0x100\n[ 65.604332] do_el0_svc+0x34/0xa0\n[ 65.604625] el0_svc+0x1c/0x50\n[ 65.604897] el0t_64_sync_handler+0x88/0xb0\n[ 65.605264] el0t_64_sync+0x16c/0x170\n[ 65.605587] ---[ end trace 578e0ba07742170d ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49247",
"url": "https://www.suse.com/security/cve/CVE-2022-49247"
},
{
"category": "external",
"summary": "SUSE Bug 1237783 for CVE-2022-49247",
"url": "https://bugzilla.suse.com/1237783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49247"
},
{
"cve": "CVE-2022-49490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected\n\nmdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring\nthe modeset lock, but currently mdp5_pipe_release doesn\u0027t check for if\nan error is returned. Because of this, there is a possibility of\nmdp5_pipe_release hitting a NULL dereference error.\n\nTo avoid this, let\u0027s have mdp5_pipe_release check if\nmdp5_get_global_state returns an error and propogate that error.\n\nChanges since v1:\n- Separated declaration and initialization of *new_state to avoid\n compiler warning\n- Fixed some spelling mistakes in commit message\n\nChanges since v2:\n- Return 0 in case where hwpipe is NULL as this is considered normal\n behavior\n- Added 2nd patch in series to fix a similar NULL dereference issue in\n mdp5_mixer_release\n\nPatchwork: https://patchwork.freedesktop.org/patch/485179/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49490",
"url": "https://www.suse.com/security/cve/CVE-2022-49490"
},
{
"category": "external",
"summary": "SUSE Bug 1238275 for CVE-2022-49490",
"url": "https://bugzilla.suse.com/1238275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49490"
},
{
"cve": "CVE-2022-49626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49626"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix use after free when disabling sriov\n\nUse after free is detected by kfence when disabling sriov. What was read\nafter being freed was vf-\u003epci_dev: it was freed from pci_disable_sriov\nand later read in efx_ef10_sriov_free_vf_vports, called from\nefx_ef10_sriov_free_vf_vswitching.\n\nSet the pointer to NULL at release time to not trying to read it later.\n\nReproducer and dmesg log (note that kfence doesn\u0027t detect it every time):\n$ echo 1 \u003e /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n$ echo 0 \u003e /sys/class/net/enp65s0f0np0/device/sriov_numvfs\n\n BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n\n Use-after-free read at 0x00000000ff3c1ba5 (in kfence-#224):\n efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]\n efx_ef10_pci_sriov_disable+0x38/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n kfence-#224: 0x00000000edb8ef95-0x00000000671f5ce1, size=2792, cache=kmalloc-4k\n\n allocated by task 6771 on cpu 10 at 3137.860196s:\n pci_alloc_dev+0x21/0x60\n pci_iov_add_virtfn+0x2a2/0x320\n sriov_enable+0x212/0x3e0\n efx_ef10_sriov_configure+0x67/0x80 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xba/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n freed by task 6771 on cpu 12 at 3170.991309s:\n device_release+0x34/0x90\n kobject_cleanup+0x3a/0x130\n pci_iov_remove_virtfn+0xd9/0x120\n sriov_disable+0x30/0xe0\n efx_ef10_pci_sriov_disable+0x57/0x70 [sfc]\n efx_pci_sriov_configure+0x24/0x40 [sfc]\n sriov_numvfs_store+0xfe/0x140\n kernfs_fop_write_iter+0x11c/0x1b0\n new_sync_write+0x11f/0x1b0\n vfs_write+0x1eb/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x5c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49626",
"url": "https://www.suse.com/security/cve/CVE-2022-49626"
},
{
"category": "external",
"summary": "SUSE Bug 1238270 for CVE-2022-49626",
"url": "https://bugzilla.suse.com/1238270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49626"
},
{
"cve": "CVE-2022-49661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-49661"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_open/close(): fix memory leak\n\nThe gs_usb driver appears to suffer from a malady common to many USB\nCAN adapter drivers in that it performs usb_alloc_coherent() to\nallocate a number of USB request blocks (URBs) for RX, and then later\nrelies on usb_kill_anchored_urbs() to free them, but this doesn\u0027t\nactually free them. As a result, this may be leaking DMA memory that\u0027s\nbeen used by the driver.\n\nThis commit is an adaptation of the techniques found in the esd_usb2\ndriver where a similar design pattern led to a memory leak. It\nexplicitly frees the RX URBs and their DMA memory via a call to\nusb_free_coherent(). Since the RX URBs were allocated in the\ngs_can_open(), we remove them in gs_can_close() rather than in the\ndisconnect function as was done in esd_usb2.\n\nFor more information, see the 928150fad41b (\"can: esd_usb2: fix memory\nleak\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-49661",
"url": "https://www.suse.com/security/cve/CVE-2022-49661"
},
{
"category": "external",
"summary": "SUSE Bug 1237788 for CVE-2022-49661",
"url": "https://bugzilla.suse.com/1237788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2022-49661"
},
{
"cve": "CVE-2023-0394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0394"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0394",
"url": "https://www.suse.com/security/cve/CVE-2023-0394"
},
{
"category": "external",
"summary": "SUSE Bug 1207168 for CVE-2023-0394",
"url": "https://bugzilla.suse.com/1207168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-0394"
},
{
"cve": "CVE-2023-52572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix UAF in cifs_demultiplex_thread()\n\nThere is a UAF when xfstests on cifs:\n\n BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160\n Read of size 4 at addr ffff88810103fc08 by task cifsd/923\n\n CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45\n ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x34/0x44\n print_report+0x171/0x472\n kasan_report+0xad/0x130\n kasan_check_range+0x145/0x1a0\n smb2_is_network_name_deleted+0x27/0x160\n cifs_demultiplex_thread.cold+0x172/0x5a4\n kthread+0x165/0x1a0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n\n Allocated by task 923:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_slab_alloc+0x54/0x60\n kmem_cache_alloc+0x147/0x320\n mempool_alloc+0xe1/0x260\n cifs_small_buf_get+0x24/0x60\n allocate_buffers+0xa1/0x1c0\n cifs_demultiplex_thread+0x199/0x10d0\n kthread+0x165/0x1a0\n ret_from_fork+0x1f/0x30\n\n Freed by task 921:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x2a/0x40\n ____kasan_slab_free+0x143/0x1b0\n kmem_cache_free+0xe3/0x4d0\n cifs_small_buf_release+0x29/0x90\n SMB2_negotiate+0x8b7/0x1c60\n smb2_negotiate+0x51/0x70\n cifs_negotiate_protocol+0xf0/0x160\n cifs_get_smb_ses+0x5fa/0x13c0\n mount_get_conns+0x7a/0x750\n cifs_mount+0x103/0xd00\n cifs_smb3_do_mount+0x1dd/0xcb0\n smb3_get_tree+0x1d5/0x300\n vfs_get_tree+0x41/0xf0\n path_mount+0x9b3/0xdd0\n __x64_sys_mount+0x190/0x1d0\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe UAF is because:\n\n mount(pid: 921) | cifsd(pid: 923)\n-------------------------------|-------------------------------\n | cifs_demultiplex_thread\nSMB2_negotiate |\n cifs_send_recv |\n compound_send_recv |\n smb_send_rqst |\n wait_for_response |\n wait_event_state [1] |\n | standard_receive3\n | cifs_handle_standard\n | handle_mid\n | mid-\u003eresp_buf = buf; [2]\n | dequeue_mid [3]\n KILL the process [4] |\n resp_iov[i].iov_base = buf |\n free_rsp_buf [5] |\n | is_network_name_deleted [6]\n | callback\n\n1. After send request to server, wait the response until\n mid-\u003emid_state != SUBMITTED;\n2. Receive response from server, and set it to mid;\n3. Set the mid state to RECEIVED;\n4. Kill the process, the mid state already RECEIVED, get 0;\n5. Handle and release the negotiate response;\n6. UAF.\n\nIt can be easily reproduce with add some delay in [3] - [6].\n\nOnly sync call has the problem since async call\u0027s callback is\nexecuted in cifsd process.\n\nAdd an extra state to mark the mid state to READY before wakeup the\nwaitter, then it can get the resp safely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52572",
"url": "https://www.suse.com/security/cve/CVE-2023-52572"
},
{
"category": "external",
"summary": "SUSE Bug 1220946 for CVE-2023-52572",
"url": "https://bugzilla.suse.com/1220946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-52572"
},
{
"cve": "CVE-2023-52646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm-\u003eioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52646",
"url": "https://www.suse.com/security/cve/CVE-2023-52646"
},
{
"category": "external",
"summary": "SUSE Bug 1223432 for CVE-2023-52646",
"url": "https://bugzilla.suse.com/1223432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-52646"
},
{
"cve": "CVE-2023-52653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix a memleak in gss_import_v2_context\n\nThe ctx-\u003emech_used.data allocated by kmemdup is not freed in neither\ngss_import_v2_context nor it only caller gss_krb5_import_sec_context,\nwhich frees ctx on error.\n\nThus, this patch reform the last call of gss_import_v2_context to the\ngss_krb5_import_ctx_v2, preventing the memleak while keepping the return\nformation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52653",
"url": "https://www.suse.com/security/cve/CVE-2023-52653"
},
{
"category": "external",
"summary": "SUSE Bug 1223712 for CVE-2023-52653",
"url": "https://bugzilla.suse.com/1223712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-52653"
},
{
"cve": "CVE-2023-52853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhid: cp2112: Fix duplicate workqueue initialization\n\nPreviously the cp2112 driver called INIT_DELAYED_WORK within\ncp2112_gpio_irq_startup, resulting in duplicate initilizations of the\nworkqueue on subsequent IRQ startups following an initial request. This\nresulted in a warning in set_work_data in workqueue.c, as well as a rare\nNULL dereference within process_one_work in workqueue.c.\n\nInitialize the workqueue within _probe instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52853",
"url": "https://www.suse.com/security/cve/CVE-2023-52853"
},
{
"category": "external",
"summary": "SUSE Bug 1224988 for CVE-2023-52853",
"url": "https://bugzilla.suse.com/1224988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-52853"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-6606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6606"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6606",
"url": "https://www.suse.com/security/cve/CVE-2023-6606"
},
{
"category": "external",
"summary": "SUSE Bug 1217947 for CVE-2023-6606",
"url": "https://bugzilla.suse.com/1217947"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-6606",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2023-6606"
},
{
"cve": "CVE-2024-23307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23307"
}
],
"notes": [
{
"category": "general",
"text": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23307",
"url": "https://www.suse.com/security/cve/CVE-2024-23307"
},
{
"category": "external",
"summary": "SUSE Bug 1219169 for CVE-2024-23307",
"url": "https://bugzilla.suse.com/1219169"
},
{
"category": "external",
"summary": "SUSE Bug 1220145 for CVE-2024-23307",
"url": "https://bugzilla.suse.com/1220145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-23307"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26929"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26929",
"url": "https://www.suse.com/security/cve/CVE-2024-26929"
},
{
"category": "external",
"summary": "SUSE Bug 1223715 for CVE-2024-26929",
"url": "https://bugzilla.suse.com/1223715"
},
{
"category": "external",
"summary": "SUSE Bug 1223716 for CVE-2024-26929",
"url": "https://bugzilla.suse.com/1223716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-26929"
},
{
"cve": "CVE-2024-26930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of the ha-\u003evp_map pointer\n\nCoverity scan reported potential risk of double free of the pointer\nha-\u003evp_map. ha-\u003evp_map was freed in qla2x00_mem_alloc(), and again freed\nin function qla2x00_mem_free(ha).\n\nAssign NULL to vp_map and kfree take care of NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26930",
"url": "https://www.suse.com/security/cve/CVE-2024-26930"
},
{
"category": "external",
"summary": "SUSE Bug 1223626 for CVE-2024-26930",
"url": "https://bugzilla.suse.com/1223626"
},
{
"category": "external",
"summary": "SUSE Bug 1223681 for CVE-2024-26930",
"url": "https://bugzilla.suse.com/1223681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-26930"
},
{
"cve": "CVE-2024-26931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix command flush on cable pull\n\nSystem crash due to command failed to flush back to SCSI layer.\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 \u003c49\u003e 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n ? __switch_to+0x10c/0x450\n ? process_one_work+0x1a7/0x360\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n ? worker_thread+0x1ce/0x390\n ? create_worker+0x1a0/0x1a0\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n ? kthread+0x10a/0x120\n qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n ? set_kthread_struct+0x40/0x40\n qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n ? ret_from_fork+0x1f/0x40\n qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\n\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull. The failure to flush causes\nupper layer to start modifying scsi_cmnd. When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\n\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26931",
"url": "https://www.suse.com/security/cve/CVE-2024-26931"
},
{
"category": "external",
"summary": "SUSE Bug 1223627 for CVE-2024-26931",
"url": "https://bugzilla.suse.com/1223627"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-26931"
},
{
"cve": "CVE-2024-27054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix double module refcount decrement\n\nOnce the discipline is associated with the device, deleting the device\ntakes care of decrementing the module\u0027s refcount. Doing it manually on\nthis error path causes refcount to artificially decrease on each error\nwhile it should just stay the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27054",
"url": "https://www.suse.com/security/cve/CVE-2024-27054"
},
{
"category": "external",
"summary": "SUSE Bug 1223819 for CVE-2024-27054",
"url": "https://bugzilla.suse.com/1223819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-27054"
},
{
"cve": "CVE-2024-27388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27388"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa-\u003edata need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27388",
"url": "https://www.suse.com/security/cve/CVE-2024-27388"
},
{
"category": "external",
"summary": "SUSE Bug 1223744 for CVE-2024-27388",
"url": "https://bugzilla.suse.com/1223744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-27388"
},
{
"cve": "CVE-2024-27397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27397"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use timestamp to check for set element timeout\n\nAdd a timestamp field at the beginning of the transaction, store it\nin the nftables per-netns area.\n\nUpdate set backend .insert, .deactivate and sync gc path to use the\ntimestamp, this avoids that an element expires while control plane\ntransaction is still unfinished.\n\n.lookup and .update, which are used from packet path, still use the\ncurrent time to check if the element has expired. And .get path and dump\nalso since this runs lockless under rcu read size lock. Then, there is\nasync gc which also needs to check the current time since it runs\nasynchronously from a workqueue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27397",
"url": "https://www.suse.com/security/cve/CVE-2024-27397"
},
{
"category": "external",
"summary": "SUSE Bug 1224095 for CVE-2024-27397",
"url": "https://bugzilla.suse.com/1224095"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-27397"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49867"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: wait for fixup workers before stopping cleaner kthread during umount\n\nDuring unmount, at close_ctree(), we have the following steps in this order:\n\n1) Park the cleaner kthread - this doesn\u0027t destroy the kthread, it basically\n halts its execution (wake ups against it work but do nothing);\n\n2) We stop the cleaner kthread - this results in freeing the respective\n struct task_struct;\n\n3) We call btrfs_stop_all_workers() which waits for any jobs running in all\n the work queues and then free the work queues.\n\nSyzbot reported a case where a fixup worker resulted in a crash when doing\na delayed iput on its inode while attempting to wake up the cleaner at\nbtrfs_add_delayed_iput(), because the task_struct of the cleaner kthread\nwas already freed. This can happen during unmount because we don\u0027t wait\nfor any fixup workers still running before we call kthread_stop() against\nthe cleaner kthread, which stops and free all its resources.\n\nFix this by waiting for any fixup workers at close_ctree() before we call\nkthread_stop() against the cleaner and run pending delayed iputs.\n\nThe stack traces reported by syzbot were the following:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n Read of size 8 at addr ffff8880272a8a18 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.12.0-rc1-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-fixup btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n __lock_acquire+0x77/0x2050 kernel/locking/lockdep.c:5065\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4154\n btrfs_writepage_fixup_worker+0xc16/0xdf0 fs/btrfs/inode.c:2842\n btrfs_work_helper+0x390/0xc50 fs/btrfs/async-thread.c:314\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:247 [inline]\n slab_post_alloc_hook mm/slub.c:4086 [inline]\n slab_alloc_node mm/slub.c:4135 [inline]\n kmem_cache_alloc_node_noprof+0x16b/0x320 mm/slub.c:4187\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1107\n copy_process+0x5d1/0x3d50 kernel/fork.c:2206\n kernel_clone+0x223/0x880 kernel/fork.c:2787\n kernel_thread+0x1bc/0x240 kernel/fork.c:2849\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:765\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 61:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_h\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49867",
"url": "https://www.suse.com/security/cve/CVE-2024-49867"
},
{
"category": "external",
"summary": "SUSE Bug 1232262 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232262"
},
{
"category": "external",
"summary": "SUSE Bug 1232271 for CVE-2024-49867",
"url": "https://bugzilla.suse.com/1232271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-49867"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49963",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49963"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn\u0027t consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49963",
"url": "https://www.suse.com/security/cve/CVE-2024-49963"
},
{
"category": "external",
"summary": "SUSE Bug 1232147 for CVE-2024-49963",
"url": "https://bugzilla.suse.com/1232147"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-49963"
},
{
"cve": "CVE-2024-49975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn\u0027t really matter, debugger can read this memory anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49975",
"url": "https://www.suse.com/security/cve/CVE-2024-49975"
},
{
"category": "external",
"summary": "SUSE Bug 1232104 for CVE-2024-49975",
"url": "https://bugzilla.suse.com/1232104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-49975"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50067"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won\u0027t check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include \u003cstdio.h\u003e\n\\#include \u003cstdlib.h\u003e\n\\#include \u003cstring.h\u003e\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n int i;\n for (i = 0; i \u003c n; ++i)\n {\n char c = i % 26 + \u0027a\u0027;\n str[i] = c;\n }\n str[n-1] = \u0027\\0\u0027;\n}\n\nvoid print_string(char *str)\n{\n printf(\"%s\\n\", str);\n}\n\nint main()\n{\n char tmp[STRLEN];\n\n generate_string(tmp, STRLEN);\n print_string(tmp);\n\n return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g F .text 000000000000001b print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n \u003e uprobe_events\necho 1 \u003e events/uprobes/enable\necho 1 \u003e tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThis commit enforces the buffer\u0027s maxlen less than a page-size to avoid\nstore_trace_args() out-of-memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50067",
"url": "https://www.suse.com/security/cve/CVE-2024-50067"
},
{
"category": "external",
"summary": "SUSE Bug 1232416 for CVE-2024-50067",
"url": "https://bugzilla.suse.com/1232416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-50067"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Prevent NULL dereference in nfsd4_process_cb_update()\n\n@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no\navailable backchannel session, setup_callback_client() will try to\ndereference @ses and segfault.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53217",
"url": "https://www.suse.com/security/cve/CVE-2024-53217"
},
{
"category": "external",
"summary": "SUSE Bug 1234999 for CVE-2024-53217",
"url": "https://bugzilla.suse.com/1234999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-53217"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport-\u003esock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport-\u003esock that has been set to NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56688",
"url": "https://www.suse.com/security/cve/CVE-2024-56688"
},
{
"category": "external",
"summary": "SUSE Bug 1235538 for CVE-2024-56688",
"url": "https://bugzilla.suse.com/1235538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-56688"
},
{
"cve": "CVE-2024-57896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57896"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\n\nDuring the unmount path, at close_ctree(), we first stop the cleaner\nkthread, using kthread_stop() which frees the associated task_struct, and\nthen stop and destroy all the work queues. However after we stopped the\ncleaner we may still have a worker from the delalloc_workers queue running\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\nwhich in turn tries to wake up the cleaner kthread - which was already\ndestroyed before, resulting in a use-after-free on the task_struct.\n\nSyzbot reported this with the following stack traces:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\n submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\n run_ordered_work fs/btrfs/async-thread.c:288 [inline]\n btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:250 [inline]\n slab_post_alloc_hook mm/slub.c:4104 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\n copy_process+0x5d1/0x3d50 kernel/fork.c:2225\n kernel_clone+0x223/0x870 kernel/fork.c:2807\n kernel_thread+0x1bc/0x240 kernel/fork.c:2869\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:767\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 24:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kmem_cache_free+0x195/0x410 mm/slub.c:4700\n put_task_struct include/linux/sched/task.h:144 [inline]\n delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\n rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57896",
"url": "https://www.suse.com/security/cve/CVE-2024-57896"
},
{
"category": "external",
"summary": "SUSE Bug 1235965 for CVE-2024-57896",
"url": "https://bugzilla.suse.com/1235965"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2024-57896"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_250-default-1-8.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.250.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.250.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.250.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-11T10:55:11Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
}
]
}
suse-su-2025:20190-1
Vulnerability from csaf_suse
Published
2025-04-17 10:48
Modified
2025-04-17 10:48
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896
bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-8
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896\n bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-8",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20190-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20190-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520190-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20190-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T10:48:21Z",
"generator": {
"date": "2025-04-17T10:48:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20190-1",
"initial_release_date": "2025-04-17T10:48:21Z",
"revision_history": [
{
"date": "2025-04-17T10:48:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-28.1.noarch",
"product_id": "kernel-source-rt-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-rt-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T10:48:21Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
}
]
}
suse-su-2025:0856-1
Vulnerability from csaf_suse
Published
2025-03-13 15:46
Modified
2025-03-13 15:46
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Fix memory-hotplug regression (bsc#1237504).
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- packaging: Turn gcc version into config.sh variable.
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
Patchnames
SUSE-2025-856,SUSE-SLE-Module-Basesystem-15-SP6-2025-856,SUSE-SLE-Module-Development-Tools-15-SP6-2025-856,SUSE-SLE-Module-Legacy-15-SP6-2025-856,SUSE-SLE-Module-Live-Patching-15-SP6-2025-856,SUSE-SLE-Product-HA-15-SP6-2025-856,SUSE-SLE-Product-WE-15-SP6-2025-856,openSUSE-SLE-15.6-2025-856
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Fix memory-hotplug regression (bsc#1237504).\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: allocate keycode for phone linking (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \u0027try unsync\u0027 path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Revert \u0027blk-throttle: Fix IO hang for a corner case\u0027 (git-fixes).\n- Revert \u0027drm/amd/display: Use HW lock mgr for PSR1\u0027 (stable-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- Update \u0027drm/mgag200: Added support for the new device G200eH5\u0027 (jsc#PED-12094).\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-source: Also replace bin/env\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- smb3: fix creating FIFOs when mounting with \u0027sfu\u0027 mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools: fix annoying \u0027mkdir -p ...\u0027 logs when building tools in parallel (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- packaging: Turn gcc version into config.sh variable.\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-856,SUSE-SLE-Module-Basesystem-15-SP6-2025-856,SUSE-SLE-Module-Development-Tools-15-SP6-2025-856,SUSE-SLE-Module-Legacy-15-SP6-2025-856,SUSE-SLE-Module-Live-Patching-15-SP6-2025-856,SUSE-SLE-Product-HA-15-SP6-2025-856,SUSE-SLE-Product-WE-15-SP6-2025-856,openSUSE-SLE-15.6-2025-856",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0856-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0856-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250856-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0856-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235032",
"url": "https://bugzilla.suse.com/1235032"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56568 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-03-13T15:46:38Z",
"generator": {
"date": "2025-03-13T15:46:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0856-1",
"initial_release_date": "2025-03-13T15:46:38Z",
"revision_history": [
{
"date": "2025-03-13T15:46:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-altera-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amazon-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amd-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-apm-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-apple-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-arm-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-cavium-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-exynos-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-freescale-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-lg-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-marvell-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-qcom-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-renesas-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-socionext-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-sprd-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"product_id": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"product_id": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-devel-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-docs-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-docs-html-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-macros-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-source-6.4.0-150600.23.42.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"product": {
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"product_id": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-debug-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"product_id": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product_id": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"product_id": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"product_id": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"product": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"product_id": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"product": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"product_id": "kernel-syms-6.4.0-150600.23.42.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"product_id": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP6",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15 SP6",
"product_id": "SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-altera-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-altera-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amazon-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amd-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amd-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-apm-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-apm-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-apple-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-apple-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-arm-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-arm-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-cavium-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-exynos-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-freescale-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-lg-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-lg-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-marvell-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-qcom-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-renesas-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-socionext-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-sprd-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64"
},
"product_reference": "kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch"
},
"product_reference": "kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-6.4.0-150600.23.42.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64"
},
"product_reference": "kernel-syms-6.4.0-150600.23.42.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
},
"product_reference": "reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu-\u003estreamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56568",
"url": "https://www.suse.com/security/cve/CVE-2024-56568"
},
{
"category": "external",
"summary": "SUSE Bug 1235032 for CVE-2024-56568",
"url": "https://bugzilla.suse.com/1235032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-source-6.4.0-150600.23.42.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"SUSE Linux Enterprise Module for Legacy 15 SP6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15 SP6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:cluster-md-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dlm-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:dlm-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:dtb-allwinner-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-altera-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amazon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-amlogic-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-apple-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-arm-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-broadcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-cavium-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-exynos-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-freescale-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-hisilicon-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-lg-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-marvell-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-mediatek-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-nvidia-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-qcom-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-renesas-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-rockchip-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-socionext-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-sprd-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:dtb-xilinx-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:gfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-64kb-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-debug-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-debug-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.aarch64",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.ppc64le",
"openSUSE Leap 15.6:kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4.x86_64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-extra-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-livepatch-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-default-optional-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-default-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-devel-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-docs-html-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-kvmsmall-devel-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-kvmsmall-vdso-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-macros-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kernel-obs-build-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-obs-qa-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-source-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-source-vanilla-6.4.0-150600.23.42.1.noarch",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.ppc64le",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.s390x",
"openSUSE Leap 15.6:kernel-syms-6.4.0-150600.23.42.1.x86_64",
"openSUSE Leap 15.6:kernel-zfcpdump-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:kselftests-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:ocfs2-kmp-default-6.4.0-150600.23.42.2.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-64kb-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.ppc64le",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.s390x",
"openSUSE Leap 15.6:reiserfs-kmp-default-6.4.0-150600.23.42.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T15:46:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
}
]
}
suse-su-2025:20270-1
Vulnerability from csaf_suse
Published
2025-04-17 14:37
Modified
2025-04-17 14:37
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to
avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid
mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-14
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).\n- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed\n if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n Keep the feature disabled by default on x86_64\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to\n avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to\n perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698\n jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid\n mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/cio: Fix CHPID \"configure\" attribute caching (git-fixes bsc#1240979).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-14",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20270-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20270-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520270-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20270-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T14:37:10Z",
"generator": {
"date": "2025-04-17T14:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20270-1",
"initial_release_date": "2025-04-17T14:37:10Z",
"revision_history": [
{
"date": "2025-04-17T14:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-28.1.aarch64",
"product_id": "kernel-default-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-28.1.noarch",
"product_id": "kernel-devel-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-28.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-28.1.noarch",
"product_id": "kernel-macros-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-6.4.0-28.1.noarch",
"product_id": "kernel-source-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-6.4.0-28.1.s390x",
"product_id": "kernel-default-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.s390x",
"product_id": "kernel-default-devel-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-28.1.x86_64",
"product_id": "kernel-default-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-28.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
}
]
}
suse-su-2025:20192-1
Vulnerability from csaf_suse
Published
2025-04-17 14:37
Modified
2025-04-17 14:37
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).
- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).
- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).
- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).
- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).
- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).
- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56638: kABI fix for "netfilter: nft_inner: incorrect percpu area handling under softirq" (bsc#1235524).
- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).
- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).
- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).
- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).
- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).
- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).
- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).
- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).
- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).
- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).
- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).
- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).
- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).
- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).
- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).
- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).
- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).
- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).
- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).
- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).
- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).
- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).
- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: ops: Consistently treat platform_max as control value (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).
- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).
- Fix memory-hotplug regression (bsc#1237504)
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Enable playstation driver independently of sony driver (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).
- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: ads7846 - fix gpiod allocation (git-fixes).
- Input: allocate keycode for phone linking (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).
- Input: iqs7222 - preserve system status register (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- Move upstreamed ACPI patch into sorted section
- Move upstreamed PCI and initramfs patches into sorted section
- Move upstreamed nfsd and sunrpc patches into sorted section
- Move upstreamed powerpc and SCSI patches into sorted section
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)
- PCI/DOE: Support discovery version 2 (bsc#1237853)
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).
- PCI: brcmstb: Use internal register to change link capability (git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Reapply "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
- Revert "dm: requeue IO if mapping table not yet available" (git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (git-fixes).
- Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
- Revert "leds-pca955x: Remove the unused function pca95xx_num_led_regs()" (stable-fixes).
- Revert "wifi: ath11k: restore country code during resume" (bsc#1207948).
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).
- Update "drm/mgag200: Added support for the new device G200eH5" (jsc#PED-12094)
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435).
- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).
- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- arm64: mm: Correct the update of max_pfn (git-fixes)
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).
- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).
- ata: pata_parport: add custom version of wait_after_reset (git-fixes).
- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).
- ata: pata_serverworks: Do not use the term blacklist (git-fixes).
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: cleanup and fix batch completion adding conditions (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: do not revert iter for -EIOCBQUEUED (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix a verifier verbose message (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).
- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: fix potential error return (git-fixes).
- bpf: prevent r10 register from being marked as precise (git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- broadcom: fix supported flag check in periodic output function (git-fixes).
- btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605).
- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).
- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).
- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).
- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source (git-fixes).
- cdx: Fix possible UAF error in driver_override_show() (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).
- config: Set gcc version (jsc#PED-12251).
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).
- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)
- cpufreq/cppc: Move and rename (bsc#1237856)
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)
- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- dlm: prevent NPD when writing a positive value to event_done (git-fixes).
- dm array: fix cursor index when skipping across block boundaries (git-fixes).
- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).
- dm init: Handle minors larger than 255 (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm persistent data: fix memory allocation failure (git-fixes).
- dm resume: do not return EINVAL when signalled (git-fixes).
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes).
- dm-crypt: track tag_offset in convert_context (git-fixes).
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- dm-delay: fix max_delay calculations (git-fixes).
- dm-delay: fix workqueue delay_timer race (git-fixes).
- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).
- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).
- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).
- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).
- dm: Fix typo in error message (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- doc/README.SUSE: Point to the updated version of LKMPG
- doc: update managed_irq documentation (bsc#1236897).
- driver core: Remove needless return in void API device_remove_group() (git-fixes).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).
- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to
avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting" (git-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/dpu: do not use active in atomic_check() (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/nouveau: Do not override forced connector status (stable-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).
- drm/repaper: fix integer overflows in repeat functions (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- drm/vkms: Fix use after free and double free on init error (git-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).
- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).
- init: add initramfs_internal.h (bsc#1232848).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- initramfs: allocate heap buffers together (bsc#1232848).
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- ioam6: improve checks on user data (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI workaround for intel-ish-hid (git-fixes).
- kABI workaround for soc_mixer_control changes (git-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-source: Also replace bin/env
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).
- l2tp: fix lockdep splat (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: 842: Improve error handling in sw842_compress() (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- mdacon: rework dependency list (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).
- media: streamzap: fix race between device disconnection and urb callback (git-fixes).
- media: streamzap: prevent processing IR data on URB failure (git-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).
- media: venus: hfi: add check to handle incorrect queue size (git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- media: vim2m: print device name after registering device (git-fixes).
- media: visl: Fix ERANGE error when setting enum controls (git-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).
- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Remove extern from function prototypes (stable-fixes).
- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).
- mm: accept to promo watermark (bsc#1239600).
- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).
- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- net l2tp: drop flow hash on forward (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).
- net/sched: flower: Add lock protection when remove filter handle (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes).
- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: add dev_net_rcu() helper (bsc#1239994).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).
- net: use unrcu_pointer() helper (git-fixes).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).
- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes).
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: clear acl_access/acl_default after releasing them (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).
- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).
- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet-fc: Remove unused functions (git-fixes).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- nvmet: remove old function prototype (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- ocfs2: handle a symlink read error correctly (git-fixes).
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- padata: fix sysfs store callback check (git-fixes).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- partitions: mac: fix handling of bogus partition table (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).
- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid
mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- powerpc: Stop using no_llseek (bsc#1239573).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- regulator: check that dummy regulator has been probed before using it (stable-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- regulator: dummy: force synchronous probing (git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).
- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).
- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).
- smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).
- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- sunrpc: suppress warnings for unused procfs functions (git-fixes).
- supported.conf: add now-included qat_420xx (external, intel)
- tcp: Add memory barrier to tcp_push() (git-fixes).
- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes).
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).
- tcp: Update window clamping condition (git-fixes).
- tcp: add tcp_done_with_error() helper (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).
- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- tcp: define initial scaling factor value as a macro (git-fixes).
- tcp: derive delack_max from rto_min (git-fixes).
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).
- tcp: fix mid stream window clamp (git-fixes).
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- tcp: fix race in tcp_write_err() (git-fixes).
- tcp: fix races in tcp_abort() (git-fixes).
- tcp: fix races in tcp_v_err() (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes).
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).
- tcp: increase the default TCP scaling ratio (git-fixes).
- tcp: introduce tcp_clock_ms() (git-fixes).
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel (git-fixes).
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: do not start chip while suspended (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubi: Add a check for ubi_num (git-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).
- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).
- usb: gadget: Fix setting self-powered state on suspend (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: phy: generic: Use proper helper for property detection (stable-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes).
- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).
- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).
- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).
- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- x86/microcode/intel: Cleanup code further (git-fixes).
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- x86/microcode/intel: Remove debug code (git-fixes).
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- x86/microcode/intel: Simplify early loading (git-fixes).
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- x86/microcode: Add per CPU control field (git-fixes).
- x86/microcode: Add per CPU result state (git-fixes).
- x86/microcode: Clarify the late load logic (git-fixes).
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- x86/microcode: Hide the config knob (git-fixes).
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- x86/microcode: Mop up early loading leftovers (git-fixes).
- x86/microcode: Move core specific defines to local header (git-fixes).
- x86/microcode: Prepare for minimal revision check (git-fixes).
- x86/microcode: Protect against instrumentation (git-fixes).
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- x86/microcode: Provide new control functions (git-fixes).
- x86/microcode: Remove microcode_mutex (git-fixes).
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/mm: Remove unused microcode.h include (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).
- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).
- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).
- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-14
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).\n- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757).\n- CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489).\n- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).\n- CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858).\n- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).\n- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).\n- CVE-2024-45010: mptcp: pm: only mark \u0027subflow\u0027 endp as available (bsc#1230439).\n- CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769).\n- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).\n- CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711).\n- CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712).\n- CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733).\n- CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812).\n- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).\n- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).\n- CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910).\n- CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389).\n- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).\n- CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060).\n- CVE-2024-50142: xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset (bsc#1233028).\n- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).\n- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).\n- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).\n- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).\n- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).\n- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).\n- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).\n- CVE-2024-53124: net: fix data-races around sk-\u003esk_forward_alloc (bsc#1234074).\n- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).\n- CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222).\n- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).\n- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).\n- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).\n- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).\n- CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715).\n- CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729).\n- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).\n- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).\n- CVE-2024-56638: kABI fix for \"netfilter: nft_inner: incorrect percpu area handling under softirq\" (bsc#1235524).\n- CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436).\n- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).\n- CVE-2024-56658: net: defer final \u0027struct net\u0027 free in netns dismantle (bsc#1235441).\n- CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501).\n- CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455).\n- CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589).\n- CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591).\n- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).\n- CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936).\n- CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621).\n- CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637).\n- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).\n- CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973).\n- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).\n- CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532).\n- CVE-2024-57979: kABI workaround for pps changes (bsc#1238521).\n- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).\n- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).\n- CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104).\n- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).\n- CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997).\n- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).\n- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).\n- CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy (bsc#1236111).\n- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy (bsc#1236113).\n- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current-\u003ensproxy (bsc#1236114).\n- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current-\u003ensproxy (bsc#1236115).\n- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current-\u003ensproxy (bsc#1236122).\n- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy (bsc#1236123).\n- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).\n- CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206).\n- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).\n- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).\n- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).\n- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).\n- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).\n- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).\n- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).\n- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).\n- CVE-2025-21678: gtp: Destroy device along with udp socket\u0027s netns dismantle (bsc#1236698).\n- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).\n- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).\n- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).\n- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).\n- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).\n- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).\n- CVE-2025-21703: netem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).\n- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).\n- CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528).\n- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).\n- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).\n- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).\n- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).\n- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).\n- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).\n- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).\n- CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494).\n- CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506).\n- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).\n- CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496).\n- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).\n- CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738).\n- CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763).\n- CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775).\n- CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780).\n- CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897).\n- CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906).\n- CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754).\n- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).\n- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).\n- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).\n- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).\n- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).\n- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).\n- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).\n- CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971).\n- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).\n- CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512).\n- CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479).\n- CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486).\n- CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478).\n- CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483).\n- CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474).\n- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).\n- CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482).\n- CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481).\n- CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191).\n- CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183).\n- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).\n- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).\n- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).\n- CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189).\n- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).\n- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).\n- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).\n- CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173).\n- CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186).\n- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).\n- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).\n- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).\n- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).\n- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).\n- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).\n- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed\n if hclge_ptp_get_cycle returns an error (bsc#1240720).\n- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level \u003e 2 (bsc#1240742).\n- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).\n- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).\n- CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784).\n- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).\n- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).\n- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).\n- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).\n- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).\n- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).\n- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).\n\nThe following non-security bugs were fixed:\n\n- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).\n- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).\n- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).\n- ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes).\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).\n- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).\n- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).\n- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).\n- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes).\n- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes).\n- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).\n- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).\n- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).\n- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).\n- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).\n- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).\n- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).\n- ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes).\n- ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes).\n- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes).\n- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).\n- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).\n- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes).\n- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes).\n- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes).\n- ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes).\n- ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes).\n- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).\n- ALSA: seq: Make dependency on UMP clearer (git-fixes).\n- ALSA: seq: remove redundant \u0027tristate\u0027 for SND_SEQ_UMP_CLIENT (stable-fixes).\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes).\n- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).\n- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).\n- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).\n- ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes).\n- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).\n- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).\n- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).\n- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).\n- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes).\n- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes).\n- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).\n- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).\n- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).\n- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes).\n- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes).\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes).\n- ASoC: cs35l41: check the return value from spi_setup() (git-fixes).\n- ASoC: es8328: fix route from DAC to output (git-fixes).\n- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).\n- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).\n- ASoC: ops: Consistently treat platform_max as control value (git-fixes).\n- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).\n- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).\n- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).\n- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).\n- ASoC: rt722-sdca: add missing readable registers (git-fixes).\n- ASoC: tas2764: Fix power control mask (stable-fixes).\n- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).\n- ASoC: tas2770: Fix volume scale (stable-fixes).\n- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).\n- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).\n- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).\n- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes).\n- Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes).\n- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).\n- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).\n- Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes).\n- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).\n- Documentation: qat: fix auto_reset attribute details (git-fixes).\n- Documentation: qat: fix auto_reset section (git-fixes).\n- Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes).\n- Fix memory-hotplug regression (bsc#1237504)\n- Grab mm lock before grabbing pt lock (git-fixes).\n- HID: Enable playstation driver independently of sony driver (git-fixes).\n- HID: Wacom: Add PCI Wacom device support (stable-fixes).\n- HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes).\n- HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes).\n- HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes).\n- HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes).\n- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes).\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).\n- HID: hid-steam: Add Deck IMU support (stable-fixes).\n- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).\n- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).\n- HID: hid-steam: Clean up locking (stable-fixes).\n- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).\n- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).\n- HID: hid-steam: Fix cleanup in probe() (git-fixes).\n- HID: hid-steam: Fix use-after-free when detaching device (git-fixes).\n- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).\n- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).\n- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).\n- HID: hid-steam: remove pointless error message (stable-fixes).\n- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).\n- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes).\n- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).\n- HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes).\n- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes).\n- HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes).\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes).\n- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).\n- HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).\n- HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes).\n- IB/mad: Check available slots before posting receive WRs (git-fixes)\n- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)\n- Input: ads7846 - fix gpiod allocation (git-fixes).\n- Input: allocate keycode for phone linking (stable-fixes).\n- Input: i8042 - add required quirks for missing old boardnames (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes).\n- Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes).\n- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).\n- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes).\n- Input: iqs7222 - preserve system status register (git-fixes).\n- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).\n- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).\n- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes).\n- Input: xpad - add multiple supported devices (stable-fixes).\n- Input: xpad - add support for TECNO Pocket Go (stable-fixes).\n- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).\n- Input: xpad - rename QH controller to Legion Go S (stable-fixes).\n- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).\n- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).\n- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).\n- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).\n- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).\n- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).\n- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).\n- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)\n- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).\n- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).\n- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).\n- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).\n- KVM: x86/mmu: Skip the \"try unsync\" path iff the old SPTE was a leaf SPTE (git-fixes).\n- KVM: x86: AMD\u0027s IBPB is not equivalent to Intel\u0027s IBPB (git-fixes).\n- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).\n- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).\n- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).\n- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).\n- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).\n- KVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel (git-fixes).\n- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).\n- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).\n- Move upstreamed ACPI patch into sorted section\n- Move upstreamed PCI and initramfs patches into sorted section\n- Move upstreamed nfsd and sunrpc patches into sorted section\n- Move upstreamed powerpc and SCSI patches into sorted section\n- PCI/ACS: Fix \u0027pci=config_acs=\u0027 parameter (git-fixes).\n- PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes).\n- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853)\n- PCI/DOE: Support discovery version 2 (bsc#1237853)\n- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).\n- PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes).\n- PCI: Avoid reset when disabled via sysfs (git-fixes).\n- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).\n- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).\n- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).\n- PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes).\n- PCI: Use downstream bridges for distributing resources (bsc#1237325).\n- PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes).\n- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes).\n- PCI: brcmstb: Fix potential premature regulator disabling (git-fixes).\n- PCI: brcmstb: Set generation limit before PCIe link up (git-fixes).\n- PCI: brcmstb: Use internal register to change link capability (git-fixes).\n- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes).\n- PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes).\n- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).\n- PCI: hookup irq_get_affinity callback (bsc#1236896).\n- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).\n- PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes).\n- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).\n- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes).\n- PM: sleep: Adjust check before setting power.must_resume (git-fixes).\n- PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes).\n- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).\n- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)\n- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)\n- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)\n- RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes)\n- RDMA/efa: Reset device on probe failure (git-fixes)\n- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)\n- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)\n- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)\n- RDMA/hns: Fix missing xa_destroy() (git-fixes)\n- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)\n- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)\n- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)\n- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).\n- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).\n- RDMA/mlx5: Fix AH static rate parsing (git-fixes)\n- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)\n- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)\n- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)\n- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)\n- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)\n- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)\n- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)\n- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)\n- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)\n- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)\n- RDMA/rxe: Improve newline in printing messages (git-fixes)\n- Reapply \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"blk-throttle: Fix IO hang for a corner case\" (git-fixes).\n- Revert \"dm: requeue IO if mapping table not yet available\" (git-fixes).\n- Revert \"drivers/card_reader/rtsx_usb: Restore interrupt based detection\" (git-fixes).\n- Revert \"drm/amd/display: Use HW lock mgr for PSR1\" (stable-fixes).\n- Revert \"leds-pca955x: Remove the unused function pca95xx_num_led_regs()\" (stable-fixes).\n- Revert \"wifi: ath11k: restore country code during resume\" (bsc#1207948).\n- Revert \"wifi: ath11k: support hibernation\" (bsc#1207948).\n- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).\n- SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes).\n- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).\n- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes).\n- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).\n- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).\n- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).\n- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).\n- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).\n- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).\n- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes).\n- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).\n- USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes).\n- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).\n- USB: serial: option: drop MeiG Smart defines (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes).\n- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).\n- USB: serial: option: match on interface class for Telit FN990B (stable-fixes).\n- Update \"drm/mgag200: Added support for the new device G200eH5\" (jsc#PED-12094)\n- Use gcc-13 for build on SLE16 (jsc#PED-10028).\n- accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes).\n- accel/qaic: Fix possible data corruption in BOs \u003e 2G (git-fixes).\n- acct: block access to kernel internal filesystems (git-fixes).\n- acct: perform last write from workqueue (git-fixes).\n- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).\n- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).\n- af_unix: Annotate data-race of sk-\u003esk_state in unix_stream_read_skb() (bsc#1239435).\n- af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435).\n- af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334).\n- affs: do not write overlarge OFS data block size fields (git-fixes).\n- affs: generate OFS sequence numbers starting at 1 (git-fixes).\n- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).\n- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)\n- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)\n- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)\n- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)\n- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes)\n- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)\n- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)\n- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)\n- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)\n- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)\n- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)\n- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)\n- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)\n- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)\n- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)\n- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)\n- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)\n- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)\n- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)\n- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)\n- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)\n- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)\n- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)\n- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)\n- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)\n- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)\n- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)\n- arm64: mm: Correct the update of max_pfn (git-fixes)\n- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)\n- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)\n- ata: ahci: Add mask_port_map module parameter (git-fixes).\n- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes).\n- ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes).\n- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).\n- ata: libata: Fix NCQ Non-Data log not supported print (git-fixes).\n- ata: pata_parport: add custom version of wait_after_reset (git-fixes).\n- ata: pata_parport: fit3: implement IDE command set registers (git-fixes).\n- ata: pata_serverworks: Do not use the term blacklist (git-fixes).\n- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes).\n- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).\n- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).\n- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes).\n- batman-adv: Drop unmanaged ELP metric worker (git-fixes).\n- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).\n- batman-adv: Ignore own maximum aggregation size during RX (git-fixes).\n- batman-adv: fix panic during interface removal (git-fixes).\n- bio-integrity: do not restrict the size of integrity metadata (git-fixes).\n- bitmap: introduce generic optimized bitmap_size() (git-fixes).\n- blk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage (bsc#1237558).\n- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).\n- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).\n- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).\n- blk-mq: add number of queue calc helper (bsc#1236897).\n- blk-mq: create correct map for fallback case (bsc#1236896).\n- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).\n- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).\n- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).\n- blk-mq: move cpuhp callback registering out of q-\u003esysfs_lock (git-fixes).\n- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).\n- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).\n- blk_iocost: remove some duplicate irq disable/enables (git-fixes).\n- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).\n- block: Clear zone limits for a non-zoned stacked queue (git-fixes).\n- block: Fix elevator_get_default() checking for NULL q-\u003etag_set (git-fixes).\n- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).\n- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).\n- block: Provide bdev_open_* functions (git-fixes).\n- block: Remove special-casing of compound pages (git-fixes).\n- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).\n- block: add a disk_has_partscan helper (git-fixes).\n- block: add a partscan sysfs attribute for disks (git-fixes).\n- block: add check of \u0027minors\u0027 and \u0027first_minor\u0027 in device_add_disk() (git-fixes).\n- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).\n- block: change rq_integrity_vec to respect the iterator (git-fixes).\n- block: cleanup and fix batch completion adding conditions (git-fixes).\n- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).\n- block: do not revert iter for -EIOCBQUEUED (git-fixes).\n- block: ensure we hold a queue reference when using queue limits (git-fixes).\n- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).\n- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).\n- block: fix integer overflow in BLKSECDISCARD (git-fixes).\n- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).\n- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).\n- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).\n- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).\n- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).\n- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).\n- block: retry call probe after request_module in blk_request_module (git-fixes).\n- block: return unsigned int from bdev_io_min (git-fixes).\n- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).\n- block: support to account io_ticks precisely (git-fixes).\n- block: use the right type for stub rq_integrity_vec() (git-fixes).\n- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).\n- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).\n- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).\n- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).\n- bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes).\n- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).\n- bpf: Fix a verifier verbose message (git-fixes).\n- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).\n- bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes).\n- bpf: Use -Wno-error in certain tests when building with GCC (git-fixes).\n- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).\n- bpf: fix potential error return (git-fixes).\n- bpf: prevent r10 register from being marked as precise (git-fixes).\n- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).\n- broadcom: fix supported flag check in periodic output function (git-fixes).\n- btrfs: check delayed refs when we\u0027re checking if a ref exists (bsc#1239605).\n- btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045).\n- btrfs: drop the backref cache during relocation if we commit (bsc#1239605).\n- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).\n- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).\n- btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045).\n- btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045).\n- btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045).\n- bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes).\n- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes).\n- bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes).\n- bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes).\n- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).\n- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).\n- can: ctucanfd: handle skb allocation failure (git-fixes).\n- can: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial (git-fixes).\n- can: flexcan: disable transceiver during system PM (git-fixes).\n- can: flexcan: only change CAN state when link up in system PM (git-fixes).\n- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).\n- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).\n- can: ucan: fix out of bound read in strscpy() source (git-fixes).\n- cdx: Fix possible UAF error in driver_override_show() (git-fixes).\n- char: misc: deallocate static minor in error path (git-fixes).\n- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).\n- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).\n- cifs: Remove intermediate object of failed create reparse call (git-fixes).\n- cifs: commands that are retried should have replay flag set (bsc#1231432).\n- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).\n- cifs: helper function to check replayable error codes (bsc#1231432).\n- cifs: new mount option called retrans (bsc#1231432).\n- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).\n- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).\n- cifs: update desired access while requesting for directory lease (git-fixes).\n- cifs: update the same create_guid on replay (git-fixes).\n- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).\n- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).\n- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).\n- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).\n- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).\n- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).\n- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).\n- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).\n- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).\n- clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes).\n- config: Set gcc version (jsc#PED-12251).\n- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).\n- counter: fix privdata alignment (git-fixes).\n- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).\n- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).\n- cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856)\n- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).\n- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).\n- cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707).\n- cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856)\n- cpufreq/cppc: Move and rename (bsc#1237856)\n- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)\n- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)\n- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)\n Keep the feature disabled by default on x86_64\n- cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856)\n- cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856)\n- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).\n- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).\n- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).\n- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).\n- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).\n- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).\n- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).\n- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).\n- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).\n- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).\n- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).\n- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).\n- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).\n- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).\n- cpumask: add cpumask_weight_andnot() (bsc#1239015).\n- cpumask: define cleanup function for cpumasks (bsc#1239015).\n- crypto: ccp - Fix check for the primary ASP device (git-fixes).\n- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).\n- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).\n- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).\n- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).\n- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).\n- crypto: iaa - Change desc-\u003epriv to 0 (jsc#PED-12416).\n- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).\n- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).\n- crypto: iaa - Remove header table code (jsc#PED-12416).\n- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).\n- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init()\n- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).\n- crypto: iaa - Test the correct request flag (git-fixes).\n- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).\n- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).\n- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).\n- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).\n- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).\n- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).\n- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).\n- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).\n- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).\n- crypto: qat - Fix spelling mistake \"Invalide\" -\u003e \"Invalid\" (jsc#PED-12416).\n- crypto: qat - Fix typo \"accelaration\" (jsc#PED-12416).\n- crypto: qat - Fix typo (jsc#PED-12416).\n- crypto: qat - Remove trailing space after \\n newline (jsc#PED-12416).\n- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).\n- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).\n- crypto: qat - add auto reset on error (jsc#PED-12416).\n- crypto: qat - add bank save and restore flows (jsc#PED-12416).\n- crypto: qat - add fatal error notification (jsc#PED-12416).\n- crypto: qat - add fatal error notify method (jsc#PED-12416).\n- crypto: qat - add heartbeat error simulator (jsc#PED-12416).\n- crypto: qat - add interface for live migration (jsc#PED-12416).\n- crypto: qat - add support for 420xx devices (jsc#PED-12416).\n- crypto: qat - add support for device telemetry (jsc#PED-12416).\n- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).\n- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).\n- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).\n- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).\n- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).\n- crypto: qat - disable arbitration before reset (jsc#PED-12416).\n- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).\n- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).\n- crypto: qat - fix \"Full Going True\" macro definition (jsc#PED-12416).\n- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).\n- crypto: qat - fix comment structure (jsc#PED-12416).\n- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).\n- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).\n- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).\n- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).\n- crypto: qat - implement dh fallback for primes \u003e 4K (jsc#PED-12416).\n- crypto: qat - implement interface for live migration (jsc#PED-12416).\n- crypto: qat - improve aer error reset handling (jsc#PED-12416).\n- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).\n- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).\n- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).\n- crypto: qat - limit heartbeat notifications (jsc#PED-12416).\n- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).\n- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).\n- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).\n- crypto: qat - move fw config related structures (jsc#PED-12416).\n- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).\n- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).\n- crypto: qat - relocate CSR access code (jsc#PED-12416).\n- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).\n- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).\n- crypto: qat - remove access to parity register for QAT GEN4 (git-fixes).\n- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).\n- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).\n- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).\n- crypto: qat - set parity error mask for qat_420xx (git-fixes).\n- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).\n- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).\n- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).\n- crypto: qat - validate slices count returned by FW (jsc#PED-12416).\n- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).\n- cxgb4: Avoid removal of uninserted tid (git-fixes).\n- cxgb4: use port number to set mac addr (git-fixes).\n- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).\n- dlm: fix srcu_read_lock() return type to int (git-fixes).\n- dlm: prevent NPD when writing a positive value to event_done (git-fixes).\n- dm array: fix cursor index when skipping across block boundaries (git-fixes).\n- dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes).\n- dm init: Handle minors larger than 255 (git-fixes).\n- dm integrity: fix out-of-range warning (git-fixes).\n- dm persistent data: fix memory allocation failure (git-fixes).\n- dm resume: do not return EINVAL when signalled (git-fixes).\n- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).\n- dm thin: Add missing destroy_work_on_stack() (git-fixes).\n- dm-crypt: do not update io-\u003esector after kcryptd_crypt_write_io_submit() (git-fixes).\n- dm-crypt: track tag_offset in convert_context (git-fixes).\n- dm-delay: fix hung task introduced by kthread mode (git-fixes).\n- dm-delay: fix max_delay calculations (git-fixes).\n- dm-delay: fix workqueue delay_timer race (git-fixes).\n- dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes).\n- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes).\n- dm-integrity: align the outgoing bio in integrity_recheck (git-fixes).\n- dm-integrity: fix a race condition when accessing recalc_sector (git-fixes).\n- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes).\n- dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes).\n- dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes).\n- dm: Fix typo in error message (git-fixes).\n- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).\n- doc/README.SUSE: Point to the updated version of LKMPG\n- doc: update managed_irq documentation (bsc#1236897).\n- driver core: Remove needless return in void API device_remove_group() (git-fixes).\n- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).\n- drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes).\n- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes).\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes).\n- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).\n- drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes).\n- drm/amd/display: Fix HPD after gpu reset (stable-fixes).\n- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).\n- drm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params (git-fixes).\n- drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes).\n- drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes).\n- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes).\n- drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes).\n- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes).\n- drm/amd/pm/smu11: Prevent division by zero (git-fixes).\n- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).\n- drm/amd/pm: Prevent division by zero (git-fixes).\n- drm/amd: Keep display off while going into S4 (stable-fixes).\n- drm/amdgpu/dma_buf: fix page_link check (git-fixes).\n- drm/amdgpu/gfx11: fix num_mec (git-fixes).\n- drm/amdgpu/umsch: declare umsch firmware (git-fixes).\n- drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes).\n- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes).\n- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes).\n- drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to\n avoid Priority Inversion in SRIOV (git-fixes).\n- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).\n- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).\n- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).\n- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).\n- drm/amdkfd: Fix Circular Locking Dependency in \u0027svm_range_cpu_invalidate_pagetables\u0027 (git-fixes).\n- drm/amdkfd: only flush the validate MES contex (stable-fixes).\n- drm/atomic: Filter out redundant DPMS calls (stable-fixes).\n- drm/bridge: Fix spelling mistake \"gettin\" -\u003e \"getting\" (git-fixes).\n- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).\n- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).\n- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).\n- drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes).\n- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).\n- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).\n- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).\n- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).\n- drm/dp_mst: Fix drm RAD print (git-fixes).\n- drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes).\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes).\n- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes).\n- drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes).\n- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes).\n- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).\n- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).\n- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL\u0027s own port width macro (git-fixes).\n- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).\n- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).\n- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).\n- drm/i915/selftests: avoid using uninitialized context (git-fixes).\n- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).\n- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).\n- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).\n- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).\n- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).\n- drm/mediatek: dp: drm_err =\u003e dev_err in HPD path to avoid NULL ptr (git-fixes).\n- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes).\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes).\n- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes).\n- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)\n- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).\n- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).\n- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).\n- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).\n- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).\n- drm/msm/dpu: do not use active in atomic_check() (git-fixes).\n- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes).\n- drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes).\n- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).\n- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).\n- drm/msm: Avoid rounding up to one jiffy (git-fixes).\n- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).\n- drm/nouveau: Do not override forced connector status (stable-fixes).\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).\n- drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes).\n- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes).\n- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes).\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes).\n- drm/repaper: fix integer overflows in repeat functions (git-fixes).\n- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).\n- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).\n- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).\n- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).\n- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).\n- drm/sched: Fix fence reference count leak (git-fixes).\n- drm/sched: Fix preprocessor guard (git-fixes).\n- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes).\n- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).\n- drm/ssd130x: fix ssd132x encoding (git-fixes).\n- drm/sti: remove duplicate object names (git-fixes).\n- drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes).\n- drm/virtio: New fence for every plane update (stable-fixes).\n- drm/vkms: Fix use after free and double free on init error (git-fixes).\n- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).\n- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).\n- dummycon: fix default rows/cols (git-fixes).\n- eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes).\n- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349).\n- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).\n- efi: libstub: Use \u0027-std=gnu11\u0027 to fix build with GCC 15 (stable-fixes).\n- eth: gve: use appropriate helper to set xdp_features (git-fixes).\n- exfat: convert to ctime accessor functions (git-fixes).\n- exfat: do not zero the extended part (bsc#1237356).\n- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).\n- exfat: fix file being changed by unaligned direct write (git-fixes).\n- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).\n- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).\n- exfat: fix zero the unwritten part for dio read (git-fixes).\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes).\n- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).\n- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).\n- fbdev: sm501fb: Add some geometry checks (git-fixes).\n- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes).\n- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes).\n- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).\n- firmware: cs_dsp: Remove async regmap writes (git-fixes).\n- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).\n- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).\n- flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994).\n- futex: Do not include process MM in futex key on no-MMU (git-fixes).\n- gpio: aggregator: protect driver attr handlers against module unload (git-fixes).\n- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).\n- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).\n- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).\n- gpio: pca953x: Improve interrupt support (git-fixes).\n- gpio: rcar: Fix missing of_node_put() call (git-fixes).\n- gpio: rcar: Use raw_spinlock to protect register access (stable-fixes).\n- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).\n- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).\n- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).\n- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).\n- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes).\n- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).\n- gup: make the stack expansion warning a bit more targeted (bsc#1238214).\n- hfs: Sanity check the root record (git-fixes).\n- hwmon: (ad7314) Validate leading zero bits and return error (git-fixes).\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).\n- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes).\n- hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes).\n- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes).\n- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).\n- i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes).\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes).\n- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- i2c: ls2x: Fix frequency division register access (git-fixes).\n- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).\n- i2c: omap: fix IRQ storms (git-fixes).\n- i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes).\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes).\n- i3c: master: svc: Fix missing the IBI rules (git-fixes).\n- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).\n- iavf: allow changing VLAN state without calling PF (git-fixes).\n- ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518).\n- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).\n- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).\n- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).\n- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).\n- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).\n- ice: fix max values for dpll pin phase adjust (git-fixes).\n- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).\n- ice: gather page_count()\u0027s of each frag right before XDP prog call (git-fixes).\n- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).\n- ice: put Rx buffers after being done with current frame (git-fixes).\n- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).\n- ice: use internal pf id instead of function number (git-fixes).\n- idpf: add read memory barrier when checking descriptor done bit (git-fixes).\n- idpf: call set_real_num_queues in idpf_open (bsc#1236661).\n- idpf: convert workqueues to unbound (git-fixes).\n- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).\n- idpf: fix handling rsc packet with a single segment (git-fixes).\n- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).\n- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).\n- igc: return early when failing to read EECD register (git-fixes).\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes).\n- iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes).\n- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).\n- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).\n- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes).\n- iio: dac: ad3552r: clear reset status flag (git-fixes).\n- iio: filter: admv8818: Force initialization of SDO (git-fixes).\n- include/linux/mmzone.h: clean up watermark accessors (bsc#1239600).\n- include: net: add static inline dst_dev_overhead() to dst.h (git-fixes).\n- init: add initramfs_internal.h (bsc#1232848).\n- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).\n- initramfs: allocate heap buffers together (bsc#1232848).\n- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).\n- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).\n- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).\n- intel_th: pci: Add Arrow Lake support (stable-fixes).\n- intel_th: pci: Add Panther Lake-H support (stable-fixes).\n- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).\n- ioam6: improve checks on user data (git-fixes).\n- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).\n- iommu/vt-d: Fix suspicious RCU usage (git-fixes).\n- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).\n- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).\n- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994).\n- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).\n- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).\n- ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes).\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes).\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes).\n- ipv6: Use RCU in ip6_input() (bsc#1239994).\n- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).\n- ipv6: avoid atomic fragment on GSO packets (git-fixes).\n- ipv6: fib6_rules: flush route cache when rule is changed (git-fixes).\n- ipv6: fib: hide unused \u0027pn\u0027 variable (git-fixes).\n- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).\n- ipv6: fix potential NULL deref in fib6_add() (git-fixes).\n- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).\n- ipv6: introduce dst_rt6_info() helper (git-fixes).\n- ipv6: ioam: block BH from ioam6_output() (git-fixes).\n- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes).\n- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- ipv6: sr: add missing seg6_local_exit (git-fixes).\n- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes).\n- ipv6: take care of scope when choosing the src addr (git-fixes).\n- jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes).\n- jfs: add check read-only before txBeginAnon() call (git-fixes).\n- jfs: add index corruption check to DT_GETPAGE() (git-fixes).\n- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).\n- jfs: reject on-disk inodes of an unsupported type (git-fixes).\n- kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes)\n- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).\n- kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- kABI fix for netlink: terminate outstanding dump on socket close (git-fixes).\n- kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).\n- kABI workaround for intel-ish-hid (git-fixes).\n- kABI workaround for soc_mixer_control changes (git-fixes).\n- kabi: fix bus type (bsc#1236896).\n- kabi: fix group_cpus_evenly (bsc#1236897).\n- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).\n- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).\n- kbuild: hdrcheck: fix cross build with clang (git-fixes).\n- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).\n- kernel-binary: Support livepatch_rt with merged RT branch\n- kernel-source: Also replace bin/env\n- kunit: qemu_configs: sparc: use Zilog console (git-fixes).\n- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).\n- l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes).\n- l2tp: fix lockdep splat (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes).\n- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes).\n- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).\n- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).\n- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).\n- lib: 842: Improve error handling in sw842_compress() (git-fixes).\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).\n- lib: stackinit: hide never-taken branch from compiler (stable-fixes).\n- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__default_new() to\n perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698\n jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).\n- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).\n- lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes).\n- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).\n- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).\n- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).\n- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).\n- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).\n- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).\n- md/md-bitmap: add \u0027sync_size\u0027 into struct md_bitmap_stats (git-fixes).\n- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).\n- md/md-cluster: fix spares warnings for __le64 (git-fixes).\n- md/raid0: do not free conf on raid0_run failure (git-fixes).\n- md/raid1: do not free conf on raid0_run failure (git-fixes).\n- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).\n- md: Do not flush sync_work in md_write_start() (git-fixes).\n- md: convert comma to semicolon (git-fixes).\n- mdacon: rework dependency list (git-fixes).\n- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).\n- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).\n- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).\n- media: i2c: adv748x: Fix test pattern selection mask (git-fixes).\n- media: i2c: ccs: Set the device\u0027s runtime PM status correctly in remove (git-fixes).\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes).\n- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).\n- media: ov08x40: Fix hblank out of range issue (git-fixes).\n- media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes).\n- media: platform: stm32: Add check for clk_enable() (git-fixes).\n- media: siano: Fix error handling in smsdvb_module_init() (git-fixes).\n- media: streamzap: fix race between device disconnection and urb callback (git-fixes).\n- media: streamzap: prevent processing IR data on URB failure (git-fixes).\n- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).\n- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).\n- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes).\n- media: venus: hfi: add a check to handle OOB in sfr region (git-fixes).\n- media: venus: hfi: add check to handle incorrect queue size (git-fixes).\n- media: venus: hfi_parser: add check to avoid out of bound access (git-fixes).\n- media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes).\n- media: verisilicon: HEVC: Initialize start_bit field (git-fixes).\n- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).\n- media: vim2m: print device name after registering device (git-fixes).\n- media: visl: Fix ERANGE error when setting enum controls (git-fixes).\n- mei: me: add panther lake P DID (stable-fixes).\n- memblock tests: fix warning: \"__ALIGN_KERNEL\" redefined (git-fixes).\n- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes).\n- mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes).\n- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).\n- mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes).\n- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).\n- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).\n- mfd: syscon: Remove extern from function prototypes (stable-fixes).\n- mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes).\n- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).\n- mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600).\n- mm: accept to promo watermark (bsc#1239600).\n- mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600).\n- mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600).\n- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)\n- mm: zswap: move allocations during CPU init outside the lock (git-fixes).\n- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).\n- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).\n- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).\n- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).\n- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes).\n- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).\n- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes).\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).\n- mptcp: export local_address (git-fixes)\n- mptcp: fix NL PM announced address accounting (git-fixes)\n- mptcp: fix data races on local_id (git-fixes)\n- mptcp: fix inconsistent state on fastopen race (bsc#1222672).\n- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)\n- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)\n- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)\n- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)\n- mptcp: pm: deny endp with signal + subflow + port (git-fixes)\n- mptcp: pm: do not ignore \u0027subflow\u0027 if \u0027signal\u0027 flag is also set (git-fixes)\n- mptcp: pm: do not try to create sf if alloc failed (git-fixes)\n- mptcp: pm: fullmesh: select the right ID later (git-fixes)\n- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)\n- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)\n- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)\n- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)\n- mptcp: pm: re-using ID of unused removed subflows (git-fixes)\n- mptcp: pm: reduce indentation blocks (git-fixes)\n- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)\n- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)\n- mptcp: unify pm get_local_id interfaces (git-fixes)\n- mptcp: unify pm set_flags interfaces (git-fixes)\n- mtd: Add check for devm_kcalloc() (git-fixes).\n- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).\n- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).\n- mtd: nand: Fix a kdoc comment (git-fixes).\n- mtd: rawnand: Add status chack in r852_ready() (git-fixes).\n- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).\n- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).\n- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).\n- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).\n- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).\n- nbd: Fix signal handling (git-fixes).\n- nbd: Improve the documentation of the locking assumptions (git-fixes).\n- nbd: do not allow reconnect after disconnect (git-fixes).\n- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994).\n- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).\n- net l2tp: drop flow hash on forward (git-fixes).\n- net/mlx5: Correct TASR typo into TSAR (git-fixes).\n- net/mlx5: Fix RDMA TX steering prio (git-fixes).\n- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).\n- net/mlx5: SF, Fix add port error handling (git-fixes).\n- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).\n- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).\n- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).\n- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).\n- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes).\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes).\n- net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes).\n- net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes).\n- net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes).\n- net/sched: flower: Add lock protection when remove filter handle (git-fixes).\n- net/sched: taprio: make q-\u003epicos_per_byte available to fill_sched_entry() (git-fixes).\n- net/sched: tbf: correct backlog statistic for GSO packets (git-fixes).\n- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).\n- net: Fix undefined behavior in netdev name allocation (bsc#1233749).\n- net: add dev_net_rcu() helper (bsc#1239994).\n- net: avoid UAF on deleted altname (bsc#1233749).\n- net: check for altname conflicts when changing netdev\u0027s netns (bsc#1233749).\n- net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes).\n- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).\n- net: do not send a MOVE event when netdev changes netns (bsc#1233749).\n- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).\n- net: fix ifname in netlink ntf during netns move (bsc#1233749).\n- net: fix removing a namespace with conflicting altnames (bsc#1233749).\n- net: free altname using an RCU callback (bsc#1233749).\n- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).\n- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).\n- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).\n- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes).\n- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).\n- net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes).\n- net: ipv6: ioam6: code alignment (git-fixes).\n- net: ipv6: ioam6: new feature tunsrc (git-fixes).\n- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes).\n- net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes).\n- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).\n- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).\n- net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes).\n- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).\n- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).\n- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).\n- net: mana: Allow variable size indirection table (bsc#1239016).\n- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).\n- net: mana: Avoid open coded arithmetic (bsc#1239016).\n- net: mana: Cleanup \"mana\" debugfs dir after cleanup of all children (bsc#1236760).\n- net: mana: Enable debugfs files for MANA device (bsc#1236758).\n- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).\n- net: mana: Support holes in device list reply msg (git-fixes).\n- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).\n- net: mana: cleanup mana struct after debugfs_remove() (git-fixes).\n- net: move altnames together with the netdevice (bsc#1233749).\n- net: netvsc: Update default VMBus channels (bsc#1236757).\n- net: reduce indentation of __dev_alloc_name() (bsc#1233749).\n- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).\n- net: remove else after return in dev_prep_valid_name() (bsc#1233749).\n- net: rose: lock the socket in rose_bind() (git-fixes).\n- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).\n- net: smc: fix spurious error message from __sock_release() (bsc#1237126).\n- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).\n- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480).\n- net: use unrcu_pointer() helper (git-fixes).\n- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).\n- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes).\n- net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes).\n- net_sched: sch_sfq: annotate data-races around q-\u003eperturb_period (git-fixes).\n- net_sched: sch_sfq: handle bigger packets (git-fixes).\n- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).\n- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).\n- nfsd: clear acl_access/acl_default after releasing them (git-fixes).\n- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).\n- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).\n- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).\n- ntb: intel: Fix using link status DB\u0027s (git-fixes).\n- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).\n- ntb_perf: Fix printk format (git-fixes).\n- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).\n- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).\n- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).\n- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).\n- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).\n- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).\n- null_blk: fix validation of block size (git-fixes).\n- nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649).\n- nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649).\n- nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649).\n- nvme-fc: use ctrl state getter (git-fixes).\n- nvme-ioctl: fix leaked requests on mapping error (git-fixes).\n- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).\n- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).\n- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes).\n- nvme-pci: remove stale comment (git-fixes).\n- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).\n- nvme-tcp: Fix a C2HTermReq error message (git-fixes).\n- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).\n- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).\n- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes).\n- nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes).\n- nvme/ioctl: add missing space in err message (git-fixes).\n- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).\n- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).\n- nvme: make nvme_tls_attrs_group static (git-fixes).\n- nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes).\n- nvme: move passthrough logging attribute to head (git-fixes).\n- nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649).\n- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- nvme: tcp: Fix compilation warning with W=1 (git-fixes).\n- nvmet-fc: Remove unused functions (git-fixes).\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes).\n- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes).\n- nvmet: Fix crash when a namespace is disabled (git-fixes).\n- nvmet: remove old function prototype (git-fixes).\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).\n- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).\n- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).\n- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).\n- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).\n- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).\n- ocfs2: handle a symlink read error correctly (git-fixes).\n- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes).\n- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).\n- orangefs: fix a oob in orangefs_debug_write (git-fixes).\n- padata: Clean up in padata_do_multithreaded() (bsc#1237563).\n- padata: Honor the caller\u0027s alignment in case of chunk_size 0 (bsc#1237563).\n- padata: fix sysfs store callback check (git-fixes).\n- partitions: ldm: remove the initial kernel-doc notation (git-fixes).\n- partitions: mac: fix handling of bogus partition table (git-fixes).\n- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).\n- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).\n- perf tools: annotate asm_pure_loop.S (bsc#1239906).\n- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).\n- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).\n- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).\n- phy: tegra: xusb: reset VBUS \u0026 ID OVERRIDE (git-fixes).\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes).\n- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).\n- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes).\n- pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes).\n- pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes).\n- pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes).\n- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).\n- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).\n- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).\n- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).\n- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).\n- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes).\n- platform/x86: ISST: Correct command storage data length (git-fixes).\n- platform/x86: ISST: Ignore minor version change (bsc#1237452).\n- platform/x86: acer-wmi: Ignore AC events (stable-fixes).\n- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).\n- platform/x86: int3472: Check for adev == NULL (stable-fixes).\n- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).\n- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes).\n- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes).\n- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes).\n- pnfs/flexfiles: retry getting layout segment for reads (git-fixes).\n- power: supply: da9150-fg: fix potential overflow (git-fixes).\n- power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes).\n- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).\n- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).\n- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).\n- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).\n- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).\n- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).\n- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).\n- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).\n- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).\n- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573).\n- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid\n mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).\n- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055).\n- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).\n- powerpc: Stop using no_llseek (bsc#1239573).\n- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).\n- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).\n- rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes).\n- rapidio: fix an API misues when rio_add_net() fails (git-fixes).\n- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).\n- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).\n- rbd: do not move requests to the running list on errors (git-fixes).\n- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).\n- regmap-irq: Add missing kfree() (git-fixes).\n- regulator: check that dummy regulator has been probed before using it (stable-fixes).\n- regulator: core: Fix deadlock in create_regulator() (git-fixes).\n- regulator: dummy: force synchronous probing (git-fixes).\n- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).\n- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)\n- rpm/release-projects: Update the ALP projects again (bsc#1231293).\n- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)\n- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).\n- s390/cio: Fix CHPID \"configure\" attribute caching (git-fixes bsc#1240979).\n- s390/cio: rename bitmap_size() -\u003e idset_bitmap_size() (git-fixes bsc#1236205).\n- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).\n- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).\n- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).\n- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).\n- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).\n- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).\n- s390/pci: Ignore RID for isolated VFs (bsc#1236752).\n- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).\n- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).\n- s390/pci: Use topology ID for multi-function devices (bsc#1236752).\n- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).\n- s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594).\n- s390/topology: Improve topology detection (bsc#1236591).\n- s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595).\n- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).\n- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).\n- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)\n- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).\n- scsi: core: Clear driver private data when retrying request (git-fixes).\n- scsi: core: Do not retry I/Os during depopulation (git-fixes).\n- scsi: core: Handle depopulation and restoration in progress (git-fixes).\n- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).\n- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).\n- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).\n- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).\n- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).\n- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).\n- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).\n- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).\n- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).\n- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).\n- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).\n- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).\n- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).\n- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).\n- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).\n- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).\n- scsi: myrb: Remove dead code (git-fixes).\n- scsi: qedi: Fix potential deadlock on \u0026qedi_percpu-\u003ep_work_lock (git-fixes).\n- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).\n- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).\n- scsi: sg: Enable runtime power management (git-fixes).\n- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).\n- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).\n- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).\n- scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).\n- selftest: hugetlb_dio: fix test naming (git-fixes).\n- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).\n- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).\n- selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes).\n- selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes).\n- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes).\n- selftests/bpf: add fp-leaking precise subprog result tests (git-fixes).\n- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).\n- selftests/mm/cow: fix the incorrect error handling (git-fixes).\n- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).\n- selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes).\n- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).\n- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).\n- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).\n- selftests: mptcp: close fd_in before returning in main_loop (git-fixes).\n- selftests: mptcp: connect: -f: no reconnect (git-fixes).\n- selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes).\n- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).\n- selinux: Implement mptcp_add_subflow hook (bsc#1240375).\n- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).\n- serial: 8250: Fix fifo underflow on flush (git-fixes).\n- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).\n- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).\n- slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes).\n- smb3: fix creating FIFOs when mounting with \"sfu\" mount option (git-fixes).\n- smb3: request handle caching when caching directories (bsc#1231432).\n- smb3: retrying on failed server close (bsc#1231432).\n- smb: cached directories can be more than root file handle (bsc#1231432).\n- smb: cilent: set reparse mount points as automounts (git-fixes).\n- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).\n- smb: client: Fix minor whitespace errors and warnings (git-fixes).\n- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).\n- smb: client: add support for WSL reparse points (git-fixes).\n- smb: client: allow creating special files via reparse points (git-fixes).\n- smb: client: allow creating symlinks via reparse points (git-fixes).\n- smb: client: cleanup smb2_query_reparse_point() (git-fixes).\n- smb: client: destroy cfid_put_wq on module exit (git-fixes).\n- smb: client: do not query reparse points twice on symlinks (git-fixes).\n- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).\n- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).\n- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).\n- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).\n- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).\n- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).\n- smb: client: fix hardlinking of reparse points (git-fixes).\n- smb: client: fix missing mode bits for SMB symlinks (git-fixes).\n- smb: client: fix open_cached_dir retries with \u0027hard\u0027 mount option (bsc#1240616).\n- smb: client: fix possible double free in smb2_set_ea() (git-fixes).\n- smb: client: fix potential broken compound request (git-fixes).\n- smb: client: fix renaming of reparse points (git-fixes).\n- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).\n- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).\n- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).\n- smb: client: handle path separator of created SMB symlinks (git-fixes).\n- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).\n- smb: client: ignore unhandled reparse tags (git-fixes).\n- smb: client: implement -\u003equery_reparse_point() for SMB1 (git-fixes).\n- smb: client: instantiate when creating SFU files (git-fixes).\n- smb: client: introduce -\u003eparse_reparse_point() (git-fixes).\n- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).\n- smb: client: introduce cifs_sfu_make_node() (git-fixes).\n- smb: client: introduce reparse mount option (git-fixes).\n- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).\n- smb: client: move most of reparse point handling code to common file (git-fixes).\n- smb: client: move some params to cifs_open_info_data (bsc#1231432).\n- smb: client: optimise reparse point querying (git-fixes).\n- smb: client: parse owner/group when creating reparse points (git-fixes).\n- smb: client: parse reparse point flag in create response (bsc#1231432).\n- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).\n- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).\n- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).\n- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).\n- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).\n- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).\n- smb: client: retry compound request without reusing lease (git-fixes).\n- smb: client: return reparse type in /proc/mounts (git-fixes).\n- smb: client: reuse file lease key in compound operations (git-fixes).\n- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).\n- smb: client: set correct file type from NFS reparse points (git-fixes).\n- smb: client: stop revalidating reparse points unnecessarily (git-fixes).\n- smb: use kernel_connect() and kernel_bind() (git-fixes).\n- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).\n- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).\n- soc: imx8m: Remove global soc_uid (stable-fixes).\n- soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes).\n- soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes).\n- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).\n- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes).\n- soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes).\n- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).\n- soc: qcom: pdr: Fix the potential deadlock (git-fixes).\n- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).\n- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).\n- soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes).\n- soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes).\n- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).\n- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).\n- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).\n- spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes).\n- spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes).\n- spi: sn-f-ospi: Fix division by zero (git-fixes).\n- splice: do not checksum AF_UNIX sockets (bsc#1240333).\n- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).\n- sunrpc: suppress warnings for unused procfs functions (git-fixes).\n- supported.conf: add now-included qat_420xx (external, intel)\n- tcp: Add memory barrier to tcp_push() (git-fixes).\n- tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes).\n- tcp: Annotate data-race around sk-\u003esk_mark in tcp_v4_send_reset (git-fixes).\n- tcp: Defer ts_recent changes until req is owned (git-fixes).\n- tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes).\n- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).\n- tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes).\n- tcp: Update window clamping condition (git-fixes).\n- tcp: add tcp_done_with_error() helper (git-fixes).\n- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).\n- tcp: annotate data-races around tp-\u003ewindow_clamp (git-fixes).\n- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).\n- tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes).\n- tcp: check mptcp-level constraints for backlog coalescing (git-fixes).\n- tcp: check space before adding MPTCP SYN options (git-fixes).\n- tcp: clear tp-\u003eretrans_stamp in tcp_rcv_fastopen_synack() (git-fixes).\n- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).\n- tcp: define initial scaling factor value as a macro (git-fixes).\n- tcp: derive delack_max from rto_min (git-fixes).\n- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes).\n- tcp: fix cookie_init_timestamp() overflows (git-fixes).\n- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).\n- tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes).\n- tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes).\n- tcp: fix mid stream window clamp (git-fixes).\n- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).\n- tcp: fix race in tcp_write_err() (git-fixes).\n- tcp: fix races in tcp_abort() (git-fixes).\n- tcp: fix races in tcp_v_err() (git-fixes).\n- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it\u0027s safe (git-fixes).\n- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes).\n- tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes).\n- tcp: increase the default TCP scaling ratio (git-fixes).\n- tcp: introduce tcp_clock_ms() (git-fixes).\n- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes).\n- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).\n- tcp: remove 64 KByte limit for initial tp-\u003ercv_wnd value (git-fixes).\n- tcp: replace tcp_time_stamp_raw() (git-fixes).\n- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes).\n- thermal: int340x: Add NULL check for adev (git-fixes).\n- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).\n- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes).\n- tools: fix annoying \"mkdir -p ...\" logs when building tools in parallel (git-fixes).\n- tools: move alignment-related macros to new \u0026lt;linux/align.h\u003e (git-fixes).\n- topology: Set capacity_freq_ref in all cases (bsc#1238052)\n- tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes).\n- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).\n- tpm: do not start chip while suspended (git-fixes).\n- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).\n- tpm: tis: Double the timeout B to 4s (bsc#1235870).\n- tpm_tis: Move CRC check to generic send routine (bsc#1235870).\n- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).\n- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).\n- tty: serial: 8250: Add some more device IDs (stable-fixes).\n- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).\n- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).\n- tty: xilinx_uartps: split sysrq handling (git-fixes).\n- ubi: Add a check for ubi_num (git-fixes).\n- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).\n- ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes).\n- ubi: correct the calculation of fastmap size (stable-fixes).\n- ubi: eba: properly rollback inside self_check_eba (git-fixes).\n- ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes).\n- ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes).\n- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes).\n- ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes).\n- ublk: fix error code for unsupported command (git-fixes).\n- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).\n- ublk: move ublk_cancel_dev() out of ub-\u003emutex (git-fixes).\n- ublk: move zone report data out of request pdu (git-fixes).\n- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).\n- usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes).\n- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).\n- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).\n- usb: chipidea: ci_hdrc_imx: decrement device\u0027s refcount in .remove() and in the error path of .probe() (git-fixes).\n- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).\n- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).\n- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).\n- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).\n- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).\n- usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes).\n- usb: gadget: Check bmAttributes only if configuration is valid (git-fixes).\n- usb: gadget: Fix setting self-powered state on suspend (git-fixes).\n- usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes).\n- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).\n- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).\n- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).\n- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).\n- usb: hub: lack of clearing xHC resources (git-fixes).\n- usb: phy: generic: Use proper helper for property detection (stable-fixes).\n- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes).\n- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).\n- usb: renesas_usbhs: Call clk_put() (git-fixes).\n- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).\n- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).\n- usb: roles: set switch registered flag early on (git-fixes).\n- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes).\n- usb: typec: ucsi: Fix NULL pointer access (git-fixes).\n- usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes).\n- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes).\n- usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes).\n- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).\n- usb: xhci: correct debug message page size calculation (git-fixes).\n- usb: xhci: remove \u0027retval\u0027 from xhci_pci_resume() (git-fixes).\n- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).\n- usbnet: ipheth: document scope of NCM implementation (stable-fixes).\n- usbnet:fix NPE during rx_complete (git-fixes).\n- util_macros.h: fix/rework find_closest() macros (git-fixes).\n- vboxsf: fix building with GCC 15 (stable-fixes).\n- vfio/pci: Lock external INTx masking ops (bsc#1222803).\n- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).\n- virtio-mem: check if the config changed before fake offlining memory (git-fixes).\n- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).\n- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).\n- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).\n- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).\n- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).\n- virtio: hookup irq_get_affinity callback (bsc#1236896).\n- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).\n- vsock/virtio: cancel close work in the destructor (git-fixes)\n- vsock: Keep the binding until socket destruction (git-fixes)\n- vsock: reset socket state when de-assigning the transport (git-fixes)\n- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes).\n- wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode (git-fixes).\n- wifi: ath11k: choose default PM policy for hibernation (bsc#1207948).\n- wifi: ath11k: determine PM policy based on machine model (bsc#1207948).\n- wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes).\n- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).\n- wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes).\n- wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948).\n- wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948).\n- wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948).\n- wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes).\n- wifi: ath12k: encode max Tx power in scan channel list command (git-fixes).\n- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).\n- wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes).\n- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).\n- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).\n- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).\n- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).\n- wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes).\n- wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes).\n- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).\n- wifi: iwlwifi: avoid memory leak (stable-fixes).\n- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).\n- wifi: iwlwifi: limit printed string from FW file (git-fixes).\n- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).\n- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes).\n- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes).\n- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).\n- wifi: mt76: Add check for devm_kstrdup() (git-fixes).\n- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).\n- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).\n- wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes).\n- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).\n- wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes).\n- wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes).\n- wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes).\n- wifi: mwifiex: Fix premature release of RF calibration data (git-fixes).\n- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).\n- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes).\n- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).\n- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).\n- wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).\n- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).\n- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).\n- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).\n- x86/asm: Make serialize() always_inline (git-fixes).\n- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).\n- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).\n- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).\n- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).\n- x86/coco: Replace \u0027static const cc_mask\u0027 with the newly introduced cc_get_mask() function (git-fixes).\n- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).\n- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).\n- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).\n- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).\n- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).\n- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).\n- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes).\n- x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes).\n- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).\n- x86/microcode/32: Move early loading after paging enable (git-fixes).\n- x86/microcode/amd: Cache builtin microcode too (git-fixes).\n- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).\n- x86/microcode/amd: Use cached microcode for AP load (git-fixes).\n- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).\n- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).\n- x86/microcode/intel: Cleanup code further (git-fixes).\n- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).\n- x86/microcode/intel: Remove debug code (git-fixes).\n- x86/microcode/intel: Remove pointless mutex (git-fixes).\n- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).\n- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).\n- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).\n- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).\n- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).\n- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).\n- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).\n- x86/microcode/intel: Simplify early loading (git-fixes).\n- x86/microcode/intel: Simplify scan_microcode() (git-fixes).\n- x86/microcode/intel: Switch to kvmalloc() (git-fixes).\n- x86/microcode/intel: Unify microcode apply() functions (git-fixes).\n- x86/microcode: Add per CPU control field (git-fixes).\n- x86/microcode: Add per CPU result state (git-fixes).\n- x86/microcode: Clarify the late load logic (git-fixes).\n- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).\n- x86/microcode: Get rid of the schedule work indirection (git-fixes).\n- x86/microcode: Handle \"nosmt\" correctly (git-fixes).\n- x86/microcode: Handle \"offline\" CPUs correctly (git-fixes).\n- x86/microcode: Hide the config knob (git-fixes).\n- x86/microcode: Include vendor headers into microcode.h (git-fixes).\n- x86/microcode: Make reload_early_microcode() static (git-fixes).\n- x86/microcode: Mop up early loading leftovers (git-fixes).\n- x86/microcode: Move core specific defines to local header (git-fixes).\n- x86/microcode: Prepare for minimal revision check (git-fixes).\n- x86/microcode: Protect against instrumentation (git-fixes).\n- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).\n- x86/microcode: Provide new control functions (git-fixes).\n- x86/microcode: Remove microcode_mutex (git-fixes).\n- x86/microcode: Remove pointless apply() invocation (git-fixes).\n- x86/microcode: Rendezvous and load in NMI (git-fixes).\n- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).\n- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).\n- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).\n- x86/mm: Remove unused microcode.h include (git-fixes).\n- x86/platform/olpc: Remove unused variable \u0027len\u0027 in olpc_dt_compatible_match() (git-fixes).\n- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).\n- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()\u0027s description (git-fixes).\n- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).\n- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).\n- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).\n- xen/swiotlb: relax alignment requirements (git-fixes).\n- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).\n- xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes).\n- xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701).\n- xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701).\n- xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes).\n- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).\n- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).\n- xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes).\n- xhci: dbc: Convert to use sysfs_streq() (git-fixes).\n- xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes).\n- xhci: dbc: Fix STALL transfer event handling (git-fixes).\n- xhci: dbc: Replace custom return value with proper Linux error code (git-fixes).\n- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).\n- xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes).\n- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).\n- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).\n- xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes).\n- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).\n- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).\n- xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes).\n- xhci: pci: Use standard pattern for device IDs (git-fixes).\n- zram: clear IDLE flag after recompression (git-fixes).\n- zram: clear IDLE flag in mark_idle() (git-fixes).\n- zram: do not mark idle slots that cannot be idle (git-fixes).\n- zram: fix potential UAF of zram table (git-fixes).\n- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).\n- zram: refuse to use zero sized block device as backing device (git-fixes).\n- zram: split memory-tracking and ac-time tracking (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-14",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20192-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20192-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520192-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20192-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1207948",
"url": "https://bugzilla.suse.com/1207948"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215211",
"url": "https://bugzilla.suse.com/1215211"
},
{
"category": "self",
"summary": "SUSE Bug 1218470",
"url": "https://bugzilla.suse.com/1218470"
},
{
"category": "self",
"summary": "SUSE Bug 1219367",
"url": "https://bugzilla.suse.com/1219367"
},
{
"category": "self",
"summary": "SUSE Bug 1221651",
"url": "https://bugzilla.suse.com/1221651"
},
{
"category": "self",
"summary": "SUSE Bug 1222649",
"url": "https://bugzilla.suse.com/1222649"
},
{
"category": "self",
"summary": "SUSE Bug 1222672",
"url": "https://bugzilla.suse.com/1222672"
},
{
"category": "self",
"summary": "SUSE Bug 1222803",
"url": "https://bugzilla.suse.com/1222803"
},
{
"category": "self",
"summary": "SUSE Bug 1223047",
"url": "https://bugzilla.suse.com/1223047"
},
{
"category": "self",
"summary": "SUSE Bug 1224013",
"url": "https://bugzilla.suse.com/1224013"
},
{
"category": "self",
"summary": "SUSE Bug 1224049",
"url": "https://bugzilla.suse.com/1224049"
},
{
"category": "self",
"summary": "SUSE Bug 1224489",
"url": "https://bugzilla.suse.com/1224489"
},
{
"category": "self",
"summary": "SUSE Bug 1224610",
"url": "https://bugzilla.suse.com/1224610"
},
{
"category": "self",
"summary": "SUSE Bug 1224757",
"url": "https://bugzilla.suse.com/1224757"
},
{
"category": "self",
"summary": "SUSE Bug 1225533",
"url": "https://bugzilla.suse.com/1225533"
},
{
"category": "self",
"summary": "SUSE Bug 1225606",
"url": "https://bugzilla.suse.com/1225606"
},
{
"category": "self",
"summary": "SUSE Bug 1225742",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "self",
"summary": "SUSE Bug 1225770",
"url": "https://bugzilla.suse.com/1225770"
},
{
"category": "self",
"summary": "SUSE Bug 1225981",
"url": "https://bugzilla.suse.com/1225981"
},
{
"category": "self",
"summary": "SUSE Bug 1226871",
"url": "https://bugzilla.suse.com/1226871"
},
{
"category": "self",
"summary": "SUSE Bug 1227858",
"url": "https://bugzilla.suse.com/1227858"
},
{
"category": "self",
"summary": "SUSE Bug 1227937",
"url": "https://bugzilla.suse.com/1227937"
},
{
"category": "self",
"summary": "SUSE Bug 1228521",
"url": "https://bugzilla.suse.com/1228521"
},
{
"category": "self",
"summary": "SUSE Bug 1228653",
"url": "https://bugzilla.suse.com/1228653"
},
{
"category": "self",
"summary": "SUSE Bug 1228659",
"url": "https://bugzilla.suse.com/1228659"
},
{
"category": "self",
"summary": "SUSE Bug 1229311",
"url": "https://bugzilla.suse.com/1229311"
},
{
"category": "self",
"summary": "SUSE Bug 1229361",
"url": "https://bugzilla.suse.com/1229361"
},
{
"category": "self",
"summary": "SUSE Bug 1230235",
"url": "https://bugzilla.suse.com/1230235"
},
{
"category": "self",
"summary": "SUSE Bug 1230438",
"url": "https://bugzilla.suse.com/1230438"
},
{
"category": "self",
"summary": "SUSE Bug 1230439",
"url": "https://bugzilla.suse.com/1230439"
},
{
"category": "self",
"summary": "SUSE Bug 1230497",
"url": "https://bugzilla.suse.com/1230497"
},
{
"category": "self",
"summary": "SUSE Bug 1230728",
"url": "https://bugzilla.suse.com/1230728"
},
{
"category": "self",
"summary": "SUSE Bug 1230769",
"url": "https://bugzilla.suse.com/1230769"
},
{
"category": "self",
"summary": "SUSE Bug 1230832",
"url": "https://bugzilla.suse.com/1230832"
},
{
"category": "self",
"summary": "SUSE Bug 1231088",
"url": "https://bugzilla.suse.com/1231088"
},
{
"category": "self",
"summary": "SUSE Bug 1231293",
"url": "https://bugzilla.suse.com/1231293"
},
{
"category": "self",
"summary": "SUSE Bug 1231432",
"url": "https://bugzilla.suse.com/1231432"
},
{
"category": "self",
"summary": "SUSE Bug 1231910",
"url": "https://bugzilla.suse.com/1231910"
},
{
"category": "self",
"summary": "SUSE Bug 1231912",
"url": "https://bugzilla.suse.com/1231912"
},
{
"category": "self",
"summary": "SUSE Bug 1231920",
"url": "https://bugzilla.suse.com/1231920"
},
{
"category": "self",
"summary": "SUSE Bug 1231949",
"url": "https://bugzilla.suse.com/1231949"
},
{
"category": "self",
"summary": "SUSE Bug 1232159",
"url": "https://bugzilla.suse.com/1232159"
},
{
"category": "self",
"summary": "SUSE Bug 1232198",
"url": "https://bugzilla.suse.com/1232198"
},
{
"category": "self",
"summary": "SUSE Bug 1232201",
"url": "https://bugzilla.suse.com/1232201"
},
{
"category": "self",
"summary": "SUSE Bug 1232299",
"url": "https://bugzilla.suse.com/1232299"
},
{
"category": "self",
"summary": "SUSE Bug 1232364",
"url": "https://bugzilla.suse.com/1232364"
},
{
"category": "self",
"summary": "SUSE Bug 1232389",
"url": "https://bugzilla.suse.com/1232389"
},
{
"category": "self",
"summary": "SUSE Bug 1232421",
"url": "https://bugzilla.suse.com/1232421"
},
{
"category": "self",
"summary": "SUSE Bug 1232508",
"url": "https://bugzilla.suse.com/1232508"
},
{
"category": "self",
"summary": "SUSE Bug 1232520",
"url": "https://bugzilla.suse.com/1232520"
},
{
"category": "self",
"summary": "SUSE Bug 1232743",
"url": "https://bugzilla.suse.com/1232743"
},
{
"category": "self",
"summary": "SUSE Bug 1232812",
"url": "https://bugzilla.suse.com/1232812"
},
{
"category": "self",
"summary": "SUSE Bug 1232848",
"url": "https://bugzilla.suse.com/1232848"
},
{
"category": "self",
"summary": "SUSE Bug 1232895",
"url": "https://bugzilla.suse.com/1232895"
},
{
"category": "self",
"summary": "SUSE Bug 1232919",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "self",
"summary": "SUSE Bug 1233028",
"url": "https://bugzilla.suse.com/1233028"
},
{
"category": "self",
"summary": "SUSE Bug 1233033",
"url": "https://bugzilla.suse.com/1233033"
},
{
"category": "self",
"summary": "SUSE Bug 1233060",
"url": "https://bugzilla.suse.com/1233060"
},
{
"category": "self",
"summary": "SUSE Bug 1233109",
"url": "https://bugzilla.suse.com/1233109"
},
{
"category": "self",
"summary": "SUSE Bug 1233221",
"url": "https://bugzilla.suse.com/1233221"
},
{
"category": "self",
"summary": "SUSE Bug 1233248",
"url": "https://bugzilla.suse.com/1233248"
},
{
"category": "self",
"summary": "SUSE Bug 1233259",
"url": "https://bugzilla.suse.com/1233259"
},
{
"category": "self",
"summary": "SUSE Bug 1233260",
"url": "https://bugzilla.suse.com/1233260"
},
{
"category": "self",
"summary": "SUSE Bug 1233479",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "self",
"summary": "SUSE Bug 1233483",
"url": "https://bugzilla.suse.com/1233483"
},
{
"category": "self",
"summary": "SUSE Bug 1233522",
"url": "https://bugzilla.suse.com/1233522"
},
{
"category": "self",
"summary": "SUSE Bug 1233551",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "self",
"summary": "SUSE Bug 1233557",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "self",
"summary": "SUSE Bug 1233749",
"url": "https://bugzilla.suse.com/1233749"
},
{
"category": "self",
"summary": "SUSE Bug 1234070",
"url": "https://bugzilla.suse.com/1234070"
},
{
"category": "self",
"summary": "SUSE Bug 1234074",
"url": "https://bugzilla.suse.com/1234074"
},
{
"category": "self",
"summary": "SUSE Bug 1234157",
"url": "https://bugzilla.suse.com/1234157"
},
{
"category": "self",
"summary": "SUSE Bug 1234222",
"url": "https://bugzilla.suse.com/1234222"
},
{
"category": "self",
"summary": "SUSE Bug 1234480",
"url": "https://bugzilla.suse.com/1234480"
},
{
"category": "self",
"summary": "SUSE Bug 1234698",
"url": "https://bugzilla.suse.com/1234698"
},
{
"category": "self",
"summary": "SUSE Bug 1234828",
"url": "https://bugzilla.suse.com/1234828"
},
{
"category": "self",
"summary": "SUSE Bug 1234853",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "self",
"summary": "SUSE Bug 1234857",
"url": "https://bugzilla.suse.com/1234857"
},
{
"category": "self",
"summary": "SUSE Bug 1234891",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "self",
"summary": "SUSE Bug 1234894",
"url": "https://bugzilla.suse.com/1234894"
},
{
"category": "self",
"summary": "SUSE Bug 1234895",
"url": "https://bugzilla.suse.com/1234895"
},
{
"category": "self",
"summary": "SUSE Bug 1234896",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "self",
"summary": "SUSE Bug 1234936",
"url": "https://bugzilla.suse.com/1234936"
},
{
"category": "self",
"summary": "SUSE Bug 1234963",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "self",
"summary": "SUSE Bug 1235054",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "self",
"summary": "SUSE Bug 1235061",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "self",
"summary": "SUSE Bug 1235073",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "self",
"summary": "SUSE Bug 1235244",
"url": "https://bugzilla.suse.com/1235244"
},
{
"category": "self",
"summary": "SUSE Bug 1235435",
"url": "https://bugzilla.suse.com/1235435"
},
{
"category": "self",
"summary": "SUSE Bug 1235436",
"url": "https://bugzilla.suse.com/1235436"
},
{
"category": "self",
"summary": "SUSE Bug 1235441",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "self",
"summary": "SUSE Bug 1235455",
"url": "https://bugzilla.suse.com/1235455"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1235501",
"url": "https://bugzilla.suse.com/1235501"
},
{
"category": "self",
"summary": "SUSE Bug 1235524",
"url": "https://bugzilla.suse.com/1235524"
},
{
"category": "self",
"summary": "SUSE Bug 1235550",
"url": "https://bugzilla.suse.com/1235550"
},
{
"category": "self",
"summary": "SUSE Bug 1235589",
"url": "https://bugzilla.suse.com/1235589"
},
{
"category": "self",
"summary": "SUSE Bug 1235591",
"url": "https://bugzilla.suse.com/1235591"
},
{
"category": "self",
"summary": "SUSE Bug 1235592",
"url": "https://bugzilla.suse.com/1235592"
},
{
"category": "self",
"summary": "SUSE Bug 1235599",
"url": "https://bugzilla.suse.com/1235599"
},
{
"category": "self",
"summary": "SUSE Bug 1235609",
"url": "https://bugzilla.suse.com/1235609"
},
{
"category": "self",
"summary": "SUSE Bug 1235621",
"url": "https://bugzilla.suse.com/1235621"
},
{
"category": "self",
"summary": "SUSE Bug 1235637",
"url": "https://bugzilla.suse.com/1235637"
},
{
"category": "self",
"summary": "SUSE Bug 1235698",
"url": "https://bugzilla.suse.com/1235698"
},
{
"category": "self",
"summary": "SUSE Bug 1235711",
"url": "https://bugzilla.suse.com/1235711"
},
{
"category": "self",
"summary": "SUSE Bug 1235712",
"url": "https://bugzilla.suse.com/1235712"
},
{
"category": "self",
"summary": "SUSE Bug 1235715",
"url": "https://bugzilla.suse.com/1235715"
},
{
"category": "self",
"summary": "SUSE Bug 1235729",
"url": "https://bugzilla.suse.com/1235729"
},
{
"category": "self",
"summary": "SUSE Bug 1235733",
"url": "https://bugzilla.suse.com/1235733"
},
{
"category": "self",
"summary": "SUSE Bug 1235761",
"url": "https://bugzilla.suse.com/1235761"
},
{
"category": "self",
"summary": "SUSE Bug 1235870",
"url": "https://bugzilla.suse.com/1235870"
},
{
"category": "self",
"summary": "SUSE Bug 1235874",
"url": "https://bugzilla.suse.com/1235874"
},
{
"category": "self",
"summary": "SUSE Bug 1235914",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "self",
"summary": "SUSE Bug 1235932",
"url": "https://bugzilla.suse.com/1235932"
},
{
"category": "self",
"summary": "SUSE Bug 1235933",
"url": "https://bugzilla.suse.com/1235933"
},
{
"category": "self",
"summary": "SUSE Bug 1235973",
"url": "https://bugzilla.suse.com/1235973"
},
{
"category": "self",
"summary": "SUSE Bug 1236099",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "self",
"summary": "SUSE Bug 1236111",
"url": "https://bugzilla.suse.com/1236111"
},
{
"category": "self",
"summary": "SUSE Bug 1236113",
"url": "https://bugzilla.suse.com/1236113"
},
{
"category": "self",
"summary": "SUSE Bug 1236114",
"url": "https://bugzilla.suse.com/1236114"
},
{
"category": "self",
"summary": "SUSE Bug 1236115",
"url": "https://bugzilla.suse.com/1236115"
},
{
"category": "self",
"summary": "SUSE Bug 1236122",
"url": "https://bugzilla.suse.com/1236122"
},
{
"category": "self",
"summary": "SUSE Bug 1236123",
"url": "https://bugzilla.suse.com/1236123"
},
{
"category": "self",
"summary": "SUSE Bug 1236133",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "self",
"summary": "SUSE Bug 1236138",
"url": "https://bugzilla.suse.com/1236138"
},
{
"category": "self",
"summary": "SUSE Bug 1236199",
"url": "https://bugzilla.suse.com/1236199"
},
{
"category": "self",
"summary": "SUSE Bug 1236200",
"url": "https://bugzilla.suse.com/1236200"
},
{
"category": "self",
"summary": "SUSE Bug 1236203",
"url": "https://bugzilla.suse.com/1236203"
},
{
"category": "self",
"summary": "SUSE Bug 1236205",
"url": "https://bugzilla.suse.com/1236205"
},
{
"category": "self",
"summary": "SUSE Bug 1236206",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "self",
"summary": "SUSE Bug 1236333",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "self",
"summary": "SUSE Bug 1236573",
"url": "https://bugzilla.suse.com/1236573"
},
{
"category": "self",
"summary": "SUSE Bug 1236575",
"url": "https://bugzilla.suse.com/1236575"
},
{
"category": "self",
"summary": "SUSE Bug 1236576",
"url": "https://bugzilla.suse.com/1236576"
},
{
"category": "self",
"summary": "SUSE Bug 1236591",
"url": "https://bugzilla.suse.com/1236591"
},
{
"category": "self",
"summary": "SUSE Bug 1236661",
"url": "https://bugzilla.suse.com/1236661"
},
{
"category": "self",
"summary": "SUSE Bug 1236677",
"url": "https://bugzilla.suse.com/1236677"
},
{
"category": "self",
"summary": "SUSE Bug 1236680",
"url": "https://bugzilla.suse.com/1236680"
},
{
"category": "self",
"summary": "SUSE Bug 1236681",
"url": "https://bugzilla.suse.com/1236681"
},
{
"category": "self",
"summary": "SUSE Bug 1236682",
"url": "https://bugzilla.suse.com/1236682"
},
{
"category": "self",
"summary": "SUSE Bug 1236683",
"url": "https://bugzilla.suse.com/1236683"
},
{
"category": "self",
"summary": "SUSE Bug 1236684",
"url": "https://bugzilla.suse.com/1236684"
},
{
"category": "self",
"summary": "SUSE Bug 1236685",
"url": "https://bugzilla.suse.com/1236685"
},
{
"category": "self",
"summary": "SUSE Bug 1236689",
"url": "https://bugzilla.suse.com/1236689"
},
{
"category": "self",
"summary": "SUSE Bug 1236692",
"url": "https://bugzilla.suse.com/1236692"
},
{
"category": "self",
"summary": "SUSE Bug 1236694",
"url": "https://bugzilla.suse.com/1236694"
},
{
"category": "self",
"summary": "SUSE Bug 1236698",
"url": "https://bugzilla.suse.com/1236698"
},
{
"category": "self",
"summary": "SUSE Bug 1236700",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "self",
"summary": "SUSE Bug 1236702",
"url": "https://bugzilla.suse.com/1236702"
},
{
"category": "self",
"summary": "SUSE Bug 1236752",
"url": "https://bugzilla.suse.com/1236752"
},
{
"category": "self",
"summary": "SUSE Bug 1236757",
"url": "https://bugzilla.suse.com/1236757"
},
{
"category": "self",
"summary": "SUSE Bug 1236758",
"url": "https://bugzilla.suse.com/1236758"
},
{
"category": "self",
"summary": "SUSE Bug 1236759",
"url": "https://bugzilla.suse.com/1236759"
},
{
"category": "self",
"summary": "SUSE Bug 1236760",
"url": "https://bugzilla.suse.com/1236760"
},
{
"category": "self",
"summary": "SUSE Bug 1236761",
"url": "https://bugzilla.suse.com/1236761"
},
{
"category": "self",
"summary": "SUSE Bug 1236821",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "self",
"summary": "SUSE Bug 1236822",
"url": "https://bugzilla.suse.com/1236822"
},
{
"category": "self",
"summary": "SUSE Bug 1236896",
"url": "https://bugzilla.suse.com/1236896"
},
{
"category": "self",
"summary": "SUSE Bug 1236897",
"url": "https://bugzilla.suse.com/1236897"
},
{
"category": "self",
"summary": "SUSE Bug 1236952",
"url": "https://bugzilla.suse.com/1236952"
},
{
"category": "self",
"summary": "SUSE Bug 1236967",
"url": "https://bugzilla.suse.com/1236967"
},
{
"category": "self",
"summary": "SUSE Bug 1236994",
"url": "https://bugzilla.suse.com/1236994"
},
{
"category": "self",
"summary": "SUSE Bug 1237007",
"url": "https://bugzilla.suse.com/1237007"
},
{
"category": "self",
"summary": "SUSE Bug 1237017",
"url": "https://bugzilla.suse.com/1237017"
},
{
"category": "self",
"summary": "SUSE Bug 1237025",
"url": "https://bugzilla.suse.com/1237025"
},
{
"category": "self",
"summary": "SUSE Bug 1237028",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "self",
"summary": "SUSE Bug 1237029",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "self",
"summary": "SUSE Bug 1237045",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "self",
"summary": "SUSE Bug 1237126",
"url": "https://bugzilla.suse.com/1237126"
},
{
"category": "self",
"summary": "SUSE Bug 1237132",
"url": "https://bugzilla.suse.com/1237132"
},
{
"category": "self",
"summary": "SUSE Bug 1237139",
"url": "https://bugzilla.suse.com/1237139"
},
{
"category": "self",
"summary": "SUSE Bug 1237155",
"url": "https://bugzilla.suse.com/1237155"
},
{
"category": "self",
"summary": "SUSE Bug 1237158",
"url": "https://bugzilla.suse.com/1237158"
},
{
"category": "self",
"summary": "SUSE Bug 1237159",
"url": "https://bugzilla.suse.com/1237159"
},
{
"category": "self",
"summary": "SUSE Bug 1237164",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "self",
"summary": "SUSE Bug 1237232",
"url": "https://bugzilla.suse.com/1237232"
},
{
"category": "self",
"summary": "SUSE Bug 1237234",
"url": "https://bugzilla.suse.com/1237234"
},
{
"category": "self",
"summary": "SUSE Bug 1237313",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "self",
"summary": "SUSE Bug 1237325",
"url": "https://bugzilla.suse.com/1237325"
},
{
"category": "self",
"summary": "SUSE Bug 1237356",
"url": "https://bugzilla.suse.com/1237356"
},
{
"category": "self",
"summary": "SUSE Bug 1237415",
"url": "https://bugzilla.suse.com/1237415"
},
{
"category": "self",
"summary": "SUSE Bug 1237452",
"url": "https://bugzilla.suse.com/1237452"
},
{
"category": "self",
"summary": "SUSE Bug 1237504",
"url": "https://bugzilla.suse.com/1237504"
},
{
"category": "self",
"summary": "SUSE Bug 1237521",
"url": "https://bugzilla.suse.com/1237521"
},
{
"category": "self",
"summary": "SUSE Bug 1237530",
"url": "https://bugzilla.suse.com/1237530"
},
{
"category": "self",
"summary": "SUSE Bug 1237558",
"url": "https://bugzilla.suse.com/1237558"
},
{
"category": "self",
"summary": "SUSE Bug 1237562",
"url": "https://bugzilla.suse.com/1237562"
},
{
"category": "self",
"summary": "SUSE Bug 1237563",
"url": "https://bugzilla.suse.com/1237563"
},
{
"category": "self",
"summary": "SUSE Bug 1237565",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "self",
"summary": "SUSE Bug 1237571",
"url": "https://bugzilla.suse.com/1237571"
},
{
"category": "self",
"summary": "SUSE Bug 1237848",
"url": "https://bugzilla.suse.com/1237848"
},
{
"category": "self",
"summary": "SUSE Bug 1237849",
"url": "https://bugzilla.suse.com/1237849"
},
{
"category": "self",
"summary": "SUSE Bug 1237853",
"url": "https://bugzilla.suse.com/1237853"
},
{
"category": "self",
"summary": "SUSE Bug 1237856",
"url": "https://bugzilla.suse.com/1237856"
},
{
"category": "self",
"summary": "SUSE Bug 1237873",
"url": "https://bugzilla.suse.com/1237873"
},
{
"category": "self",
"summary": "SUSE Bug 1237874",
"url": "https://bugzilla.suse.com/1237874"
},
{
"category": "self",
"summary": "SUSE Bug 1237875",
"url": "https://bugzilla.suse.com/1237875"
},
{
"category": "self",
"summary": "SUSE Bug 1237876",
"url": "https://bugzilla.suse.com/1237876"
},
{
"category": "self",
"summary": "SUSE Bug 1237877",
"url": "https://bugzilla.suse.com/1237877"
},
{
"category": "self",
"summary": "SUSE Bug 1237879",
"url": "https://bugzilla.suse.com/1237879"
},
{
"category": "self",
"summary": "SUSE Bug 1237881",
"url": "https://bugzilla.suse.com/1237881"
},
{
"category": "self",
"summary": "SUSE Bug 1237882",
"url": "https://bugzilla.suse.com/1237882"
},
{
"category": "self",
"summary": "SUSE Bug 1237885",
"url": "https://bugzilla.suse.com/1237885"
},
{
"category": "self",
"summary": "SUSE Bug 1237889",
"url": "https://bugzilla.suse.com/1237889"
},
{
"category": "self",
"summary": "SUSE Bug 1237890",
"url": "https://bugzilla.suse.com/1237890"
},
{
"category": "self",
"summary": "SUSE Bug 1237891",
"url": "https://bugzilla.suse.com/1237891"
},
{
"category": "self",
"summary": "SUSE Bug 1237894",
"url": "https://bugzilla.suse.com/1237894"
},
{
"category": "self",
"summary": "SUSE Bug 1237897",
"url": "https://bugzilla.suse.com/1237897"
},
{
"category": "self",
"summary": "SUSE Bug 1237900",
"url": "https://bugzilla.suse.com/1237900"
},
{
"category": "self",
"summary": "SUSE Bug 1237901",
"url": "https://bugzilla.suse.com/1237901"
},
{
"category": "self",
"summary": "SUSE Bug 1237906",
"url": "https://bugzilla.suse.com/1237906"
},
{
"category": "self",
"summary": "SUSE Bug 1237907",
"url": "https://bugzilla.suse.com/1237907"
},
{
"category": "self",
"summary": "SUSE Bug 1237911",
"url": "https://bugzilla.suse.com/1237911"
},
{
"category": "self",
"summary": "SUSE Bug 1237912",
"url": "https://bugzilla.suse.com/1237912"
},
{
"category": "self",
"summary": "SUSE Bug 1237950",
"url": "https://bugzilla.suse.com/1237950"
},
{
"category": "self",
"summary": "SUSE Bug 1238052",
"url": "https://bugzilla.suse.com/1238052"
},
{
"category": "self",
"summary": "SUSE Bug 1238212",
"url": "https://bugzilla.suse.com/1238212"
},
{
"category": "self",
"summary": "SUSE Bug 1238214",
"url": "https://bugzilla.suse.com/1238214"
},
{
"category": "self",
"summary": "SUSE Bug 1238303",
"url": "https://bugzilla.suse.com/1238303"
},
{
"category": "self",
"summary": "SUSE Bug 1238347",
"url": "https://bugzilla.suse.com/1238347"
},
{
"category": "self",
"summary": "SUSE Bug 1238368",
"url": "https://bugzilla.suse.com/1238368"
},
{
"category": "self",
"summary": "SUSE Bug 1238474",
"url": "https://bugzilla.suse.com/1238474"
},
{
"category": "self",
"summary": "SUSE Bug 1238475",
"url": "https://bugzilla.suse.com/1238475"
},
{
"category": "self",
"summary": "SUSE Bug 1238479",
"url": "https://bugzilla.suse.com/1238479"
},
{
"category": "self",
"summary": "SUSE Bug 1238494",
"url": "https://bugzilla.suse.com/1238494"
},
{
"category": "self",
"summary": "SUSE Bug 1238496",
"url": "https://bugzilla.suse.com/1238496"
},
{
"category": "self",
"summary": "SUSE Bug 1238497",
"url": "https://bugzilla.suse.com/1238497"
},
{
"category": "self",
"summary": "SUSE Bug 1238500",
"url": "https://bugzilla.suse.com/1238500"
},
{
"category": "self",
"summary": "SUSE Bug 1238501",
"url": "https://bugzilla.suse.com/1238501"
},
{
"category": "self",
"summary": "SUSE Bug 1238502",
"url": "https://bugzilla.suse.com/1238502"
},
{
"category": "self",
"summary": "SUSE Bug 1238503",
"url": "https://bugzilla.suse.com/1238503"
},
{
"category": "self",
"summary": "SUSE Bug 1238506",
"url": "https://bugzilla.suse.com/1238506"
},
{
"category": "self",
"summary": "SUSE Bug 1238507",
"url": "https://bugzilla.suse.com/1238507"
},
{
"category": "self",
"summary": "SUSE Bug 1238509",
"url": "https://bugzilla.suse.com/1238509"
},
{
"category": "self",
"summary": "SUSE Bug 1238510",
"url": "https://bugzilla.suse.com/1238510"
},
{
"category": "self",
"summary": "SUSE Bug 1238511",
"url": "https://bugzilla.suse.com/1238511"
},
{
"category": "self",
"summary": "SUSE Bug 1238512",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "self",
"summary": "SUSE Bug 1238521",
"url": "https://bugzilla.suse.com/1238521"
},
{
"category": "self",
"summary": "SUSE Bug 1238523",
"url": "https://bugzilla.suse.com/1238523"
},
{
"category": "self",
"summary": "SUSE Bug 1238525",
"url": "https://bugzilla.suse.com/1238525"
},
{
"category": "self",
"summary": "SUSE Bug 1238526",
"url": "https://bugzilla.suse.com/1238526"
},
{
"category": "self",
"summary": "SUSE Bug 1238528",
"url": "https://bugzilla.suse.com/1238528"
},
{
"category": "self",
"summary": "SUSE Bug 1238529",
"url": "https://bugzilla.suse.com/1238529"
},
{
"category": "self",
"summary": "SUSE Bug 1238531",
"url": "https://bugzilla.suse.com/1238531"
},
{
"category": "self",
"summary": "SUSE Bug 1238532",
"url": "https://bugzilla.suse.com/1238532"
},
{
"category": "self",
"summary": "SUSE Bug 1238565",
"url": "https://bugzilla.suse.com/1238565"
},
{
"category": "self",
"summary": "SUSE Bug 1238570",
"url": "https://bugzilla.suse.com/1238570"
},
{
"category": "self",
"summary": "SUSE Bug 1238715",
"url": "https://bugzilla.suse.com/1238715"
},
{
"category": "self",
"summary": "SUSE Bug 1238716",
"url": "https://bugzilla.suse.com/1238716"
},
{
"category": "self",
"summary": "SUSE Bug 1238734",
"url": "https://bugzilla.suse.com/1238734"
},
{
"category": "self",
"summary": "SUSE Bug 1238735",
"url": "https://bugzilla.suse.com/1238735"
},
{
"category": "self",
"summary": "SUSE Bug 1238736",
"url": "https://bugzilla.suse.com/1238736"
},
{
"category": "self",
"summary": "SUSE Bug 1238738",
"url": "https://bugzilla.suse.com/1238738"
},
{
"category": "self",
"summary": "SUSE Bug 1238739",
"url": "https://bugzilla.suse.com/1238739"
},
{
"category": "self",
"summary": "SUSE Bug 1238746",
"url": "https://bugzilla.suse.com/1238746"
},
{
"category": "self",
"summary": "SUSE Bug 1238747",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "self",
"summary": "SUSE Bug 1238751",
"url": "https://bugzilla.suse.com/1238751"
},
{
"category": "self",
"summary": "SUSE Bug 1238753",
"url": "https://bugzilla.suse.com/1238753"
},
{
"category": "self",
"summary": "SUSE Bug 1238754",
"url": "https://bugzilla.suse.com/1238754"
},
{
"category": "self",
"summary": "SUSE Bug 1238757",
"url": "https://bugzilla.suse.com/1238757"
},
{
"category": "self",
"summary": "SUSE Bug 1238759",
"url": "https://bugzilla.suse.com/1238759"
},
{
"category": "self",
"summary": "SUSE Bug 1238760",
"url": "https://bugzilla.suse.com/1238760"
},
{
"category": "self",
"summary": "SUSE Bug 1238762",
"url": "https://bugzilla.suse.com/1238762"
},
{
"category": "self",
"summary": "SUSE Bug 1238763",
"url": "https://bugzilla.suse.com/1238763"
},
{
"category": "self",
"summary": "SUSE Bug 1238767",
"url": "https://bugzilla.suse.com/1238767"
},
{
"category": "self",
"summary": "SUSE Bug 1238768",
"url": "https://bugzilla.suse.com/1238768"
},
{
"category": "self",
"summary": "SUSE Bug 1238771",
"url": "https://bugzilla.suse.com/1238771"
},
{
"category": "self",
"summary": "SUSE Bug 1238772",
"url": "https://bugzilla.suse.com/1238772"
},
{
"category": "self",
"summary": "SUSE Bug 1238773",
"url": "https://bugzilla.suse.com/1238773"
},
{
"category": "self",
"summary": "SUSE Bug 1238775",
"url": "https://bugzilla.suse.com/1238775"
},
{
"category": "self",
"summary": "SUSE Bug 1238780",
"url": "https://bugzilla.suse.com/1238780"
},
{
"category": "self",
"summary": "SUSE Bug 1238781",
"url": "https://bugzilla.suse.com/1238781"
},
{
"category": "self",
"summary": "SUSE Bug 1238785",
"url": "https://bugzilla.suse.com/1238785"
},
{
"category": "self",
"summary": "SUSE Bug 1238860",
"url": "https://bugzilla.suse.com/1238860"
},
{
"category": "self",
"summary": "SUSE Bug 1238863",
"url": "https://bugzilla.suse.com/1238863"
},
{
"category": "self",
"summary": "SUSE Bug 1238864",
"url": "https://bugzilla.suse.com/1238864"
},
{
"category": "self",
"summary": "SUSE Bug 1238865",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "self",
"summary": "SUSE Bug 1238876",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "self",
"summary": "SUSE Bug 1238877",
"url": "https://bugzilla.suse.com/1238877"
},
{
"category": "self",
"summary": "SUSE Bug 1238903",
"url": "https://bugzilla.suse.com/1238903"
},
{
"category": "self",
"summary": "SUSE Bug 1238904",
"url": "https://bugzilla.suse.com/1238904"
},
{
"category": "self",
"summary": "SUSE Bug 1238905",
"url": "https://bugzilla.suse.com/1238905"
},
{
"category": "self",
"summary": "SUSE Bug 1238909",
"url": "https://bugzilla.suse.com/1238909"
},
{
"category": "self",
"summary": "SUSE Bug 1238911",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "self",
"summary": "SUSE Bug 1238917",
"url": "https://bugzilla.suse.com/1238917"
},
{
"category": "self",
"summary": "SUSE Bug 1238958",
"url": "https://bugzilla.suse.com/1238958"
},
{
"category": "self",
"summary": "SUSE Bug 1238959",
"url": "https://bugzilla.suse.com/1238959"
},
{
"category": "self",
"summary": "SUSE Bug 1238963",
"url": "https://bugzilla.suse.com/1238963"
},
{
"category": "self",
"summary": "SUSE Bug 1238964",
"url": "https://bugzilla.suse.com/1238964"
},
{
"category": "self",
"summary": "SUSE Bug 1238969",
"url": "https://bugzilla.suse.com/1238969"
},
{
"category": "self",
"summary": "SUSE Bug 1238970",
"url": "https://bugzilla.suse.com/1238970"
},
{
"category": "self",
"summary": "SUSE Bug 1238971",
"url": "https://bugzilla.suse.com/1238971"
},
{
"category": "self",
"summary": "SUSE Bug 1238973",
"url": "https://bugzilla.suse.com/1238973"
},
{
"category": "self",
"summary": "SUSE Bug 1238975",
"url": "https://bugzilla.suse.com/1238975"
},
{
"category": "self",
"summary": "SUSE Bug 1238978",
"url": "https://bugzilla.suse.com/1238978"
},
{
"category": "self",
"summary": "SUSE Bug 1238979",
"url": "https://bugzilla.suse.com/1238979"
},
{
"category": "self",
"summary": "SUSE Bug 1238981",
"url": "https://bugzilla.suse.com/1238981"
},
{
"category": "self",
"summary": "SUSE Bug 1238984",
"url": "https://bugzilla.suse.com/1238984"
},
{
"category": "self",
"summary": "SUSE Bug 1238986",
"url": "https://bugzilla.suse.com/1238986"
},
{
"category": "self",
"summary": "SUSE Bug 1238990",
"url": "https://bugzilla.suse.com/1238990"
},
{
"category": "self",
"summary": "SUSE Bug 1238993",
"url": "https://bugzilla.suse.com/1238993"
},
{
"category": "self",
"summary": "SUSE Bug 1238994",
"url": "https://bugzilla.suse.com/1238994"
},
{
"category": "self",
"summary": "SUSE Bug 1238997",
"url": "https://bugzilla.suse.com/1238997"
},
{
"category": "self",
"summary": "SUSE Bug 1239015",
"url": "https://bugzilla.suse.com/1239015"
},
{
"category": "self",
"summary": "SUSE Bug 1239016",
"url": "https://bugzilla.suse.com/1239016"
},
{
"category": "self",
"summary": "SUSE Bug 1239027",
"url": "https://bugzilla.suse.com/1239027"
},
{
"category": "self",
"summary": "SUSE Bug 1239029",
"url": "https://bugzilla.suse.com/1239029"
},
{
"category": "self",
"summary": "SUSE Bug 1239030",
"url": "https://bugzilla.suse.com/1239030"
},
{
"category": "self",
"summary": "SUSE Bug 1239033",
"url": "https://bugzilla.suse.com/1239033"
},
{
"category": "self",
"summary": "SUSE Bug 1239034",
"url": "https://bugzilla.suse.com/1239034"
},
{
"category": "self",
"summary": "SUSE Bug 1239036",
"url": "https://bugzilla.suse.com/1239036"
},
{
"category": "self",
"summary": "SUSE Bug 1239037",
"url": "https://bugzilla.suse.com/1239037"
},
{
"category": "self",
"summary": "SUSE Bug 1239038",
"url": "https://bugzilla.suse.com/1239038"
},
{
"category": "self",
"summary": "SUSE Bug 1239039",
"url": "https://bugzilla.suse.com/1239039"
},
{
"category": "self",
"summary": "SUSE Bug 1239045",
"url": "https://bugzilla.suse.com/1239045"
},
{
"category": "self",
"summary": "SUSE Bug 1239065",
"url": "https://bugzilla.suse.com/1239065"
},
{
"category": "self",
"summary": "SUSE Bug 1239066",
"url": "https://bugzilla.suse.com/1239066"
},
{
"category": "self",
"summary": "SUSE Bug 1239068",
"url": "https://bugzilla.suse.com/1239068"
},
{
"category": "self",
"summary": "SUSE Bug 1239073",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "self",
"summary": "SUSE Bug 1239076",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "self",
"summary": "SUSE Bug 1239080",
"url": "https://bugzilla.suse.com/1239080"
},
{
"category": "self",
"summary": "SUSE Bug 1239085",
"url": "https://bugzilla.suse.com/1239085"
},
{
"category": "self",
"summary": "SUSE Bug 1239087",
"url": "https://bugzilla.suse.com/1239087"
},
{
"category": "self",
"summary": "SUSE Bug 1239095",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "self",
"summary": "SUSE Bug 1239104",
"url": "https://bugzilla.suse.com/1239104"
},
{
"category": "self",
"summary": "SUSE Bug 1239105",
"url": "https://bugzilla.suse.com/1239105"
},
{
"category": "self",
"summary": "SUSE Bug 1239109",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "self",
"summary": "SUSE Bug 1239112",
"url": "https://bugzilla.suse.com/1239112"
},
{
"category": "self",
"summary": "SUSE Bug 1239114",
"url": "https://bugzilla.suse.com/1239114"
},
{
"category": "self",
"summary": "SUSE Bug 1239115",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "self",
"summary": "SUSE Bug 1239117",
"url": "https://bugzilla.suse.com/1239117"
},
{
"category": "self",
"summary": "SUSE Bug 1239167",
"url": "https://bugzilla.suse.com/1239167"
},
{
"category": "self",
"summary": "SUSE Bug 1239174",
"url": "https://bugzilla.suse.com/1239174"
},
{
"category": "self",
"summary": "SUSE Bug 1239346",
"url": "https://bugzilla.suse.com/1239346"
},
{
"category": "self",
"summary": "SUSE Bug 1239349",
"url": "https://bugzilla.suse.com/1239349"
},
{
"category": "self",
"summary": "SUSE Bug 1239435",
"url": "https://bugzilla.suse.com/1239435"
},
{
"category": "self",
"summary": "SUSE Bug 1239467",
"url": "https://bugzilla.suse.com/1239467"
},
{
"category": "self",
"summary": "SUSE Bug 1239468",
"url": "https://bugzilla.suse.com/1239468"
},
{
"category": "self",
"summary": "SUSE Bug 1239471",
"url": "https://bugzilla.suse.com/1239471"
},
{
"category": "self",
"summary": "SUSE Bug 1239473",
"url": "https://bugzilla.suse.com/1239473"
},
{
"category": "self",
"summary": "SUSE Bug 1239474",
"url": "https://bugzilla.suse.com/1239474"
},
{
"category": "self",
"summary": "SUSE Bug 1239475",
"url": "https://bugzilla.suse.com/1239475"
},
{
"category": "self",
"summary": "SUSE Bug 1239477",
"url": "https://bugzilla.suse.com/1239477"
},
{
"category": "self",
"summary": "SUSE Bug 1239478",
"url": "https://bugzilla.suse.com/1239478"
},
{
"category": "self",
"summary": "SUSE Bug 1239479",
"url": "https://bugzilla.suse.com/1239479"
},
{
"category": "self",
"summary": "SUSE Bug 1239481",
"url": "https://bugzilla.suse.com/1239481"
},
{
"category": "self",
"summary": "SUSE Bug 1239482",
"url": "https://bugzilla.suse.com/1239482"
},
{
"category": "self",
"summary": "SUSE Bug 1239483",
"url": "https://bugzilla.suse.com/1239483"
},
{
"category": "self",
"summary": "SUSE Bug 1239484",
"url": "https://bugzilla.suse.com/1239484"
},
{
"category": "self",
"summary": "SUSE Bug 1239486",
"url": "https://bugzilla.suse.com/1239486"
},
{
"category": "self",
"summary": "SUSE Bug 1239508",
"url": "https://bugzilla.suse.com/1239508"
},
{
"category": "self",
"summary": "SUSE Bug 1239512",
"url": "https://bugzilla.suse.com/1239512"
},
{
"category": "self",
"summary": "SUSE Bug 1239518",
"url": "https://bugzilla.suse.com/1239518"
},
{
"category": "self",
"summary": "SUSE Bug 1239573",
"url": "https://bugzilla.suse.com/1239573"
},
{
"category": "self",
"summary": "SUSE Bug 1239594",
"url": "https://bugzilla.suse.com/1239594"
},
{
"category": "self",
"summary": "SUSE Bug 1239595",
"url": "https://bugzilla.suse.com/1239595"
},
{
"category": "self",
"summary": "SUSE Bug 1239600",
"url": "https://bugzilla.suse.com/1239600"
},
{
"category": "self",
"summary": "SUSE Bug 1239605",
"url": "https://bugzilla.suse.com/1239605"
},
{
"category": "self",
"summary": "SUSE Bug 1239615",
"url": "https://bugzilla.suse.com/1239615"
},
{
"category": "self",
"summary": "SUSE Bug 1239644",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "self",
"summary": "SUSE Bug 1239684",
"url": "https://bugzilla.suse.com/1239684"
},
{
"category": "self",
"summary": "SUSE Bug 1239707",
"url": "https://bugzilla.suse.com/1239707"
},
{
"category": "self",
"summary": "SUSE Bug 1239906",
"url": "https://bugzilla.suse.com/1239906"
},
{
"category": "self",
"summary": "SUSE Bug 1239925",
"url": "https://bugzilla.suse.com/1239925"
},
{
"category": "self",
"summary": "SUSE Bug 1239986",
"url": "https://bugzilla.suse.com/1239986"
},
{
"category": "self",
"summary": "SUSE Bug 1239994",
"url": "https://bugzilla.suse.com/1239994"
},
{
"category": "self",
"summary": "SUSE Bug 1240167",
"url": "https://bugzilla.suse.com/1240167"
},
{
"category": "self",
"summary": "SUSE Bug 1240168",
"url": "https://bugzilla.suse.com/1240168"
},
{
"category": "self",
"summary": "SUSE Bug 1240169",
"url": "https://bugzilla.suse.com/1240169"
},
{
"category": "self",
"summary": "SUSE Bug 1240171",
"url": "https://bugzilla.suse.com/1240171"
},
{
"category": "self",
"summary": "SUSE Bug 1240172",
"url": "https://bugzilla.suse.com/1240172"
},
{
"category": "self",
"summary": "SUSE Bug 1240173",
"url": "https://bugzilla.suse.com/1240173"
},
{
"category": "self",
"summary": "SUSE Bug 1240175",
"url": "https://bugzilla.suse.com/1240175"
},
{
"category": "self",
"summary": "SUSE Bug 1240176",
"url": "https://bugzilla.suse.com/1240176"
},
{
"category": "self",
"summary": "SUSE Bug 1240177",
"url": "https://bugzilla.suse.com/1240177"
},
{
"category": "self",
"summary": "SUSE Bug 1240179",
"url": "https://bugzilla.suse.com/1240179"
},
{
"category": "self",
"summary": "SUSE Bug 1240182",
"url": "https://bugzilla.suse.com/1240182"
},
{
"category": "self",
"summary": "SUSE Bug 1240183",
"url": "https://bugzilla.suse.com/1240183"
},
{
"category": "self",
"summary": "SUSE Bug 1240184",
"url": "https://bugzilla.suse.com/1240184"
},
{
"category": "self",
"summary": "SUSE Bug 1240185",
"url": "https://bugzilla.suse.com/1240185"
},
{
"category": "self",
"summary": "SUSE Bug 1240186",
"url": "https://bugzilla.suse.com/1240186"
},
{
"category": "self",
"summary": "SUSE Bug 1240188",
"url": "https://bugzilla.suse.com/1240188"
},
{
"category": "self",
"summary": "SUSE Bug 1240189",
"url": "https://bugzilla.suse.com/1240189"
},
{
"category": "self",
"summary": "SUSE Bug 1240191",
"url": "https://bugzilla.suse.com/1240191"
},
{
"category": "self",
"summary": "SUSE Bug 1240192",
"url": "https://bugzilla.suse.com/1240192"
},
{
"category": "self",
"summary": "SUSE Bug 1240333",
"url": "https://bugzilla.suse.com/1240333"
},
{
"category": "self",
"summary": "SUSE Bug 1240334",
"url": "https://bugzilla.suse.com/1240334"
},
{
"category": "self",
"summary": "SUSE Bug 1240375",
"url": "https://bugzilla.suse.com/1240375"
},
{
"category": "self",
"summary": "SUSE Bug 1240575",
"url": "https://bugzilla.suse.com/1240575"
},
{
"category": "self",
"summary": "SUSE Bug 1240581",
"url": "https://bugzilla.suse.com/1240581"
},
{
"category": "self",
"summary": "SUSE Bug 1240582",
"url": "https://bugzilla.suse.com/1240582"
},
{
"category": "self",
"summary": "SUSE Bug 1240583",
"url": "https://bugzilla.suse.com/1240583"
},
{
"category": "self",
"summary": "SUSE Bug 1240584",
"url": "https://bugzilla.suse.com/1240584"
},
{
"category": "self",
"summary": "SUSE Bug 1240585",
"url": "https://bugzilla.suse.com/1240585"
},
{
"category": "self",
"summary": "SUSE Bug 1240587",
"url": "https://bugzilla.suse.com/1240587"
},
{
"category": "self",
"summary": "SUSE Bug 1240590",
"url": "https://bugzilla.suse.com/1240590"
},
{
"category": "self",
"summary": "SUSE Bug 1240591",
"url": "https://bugzilla.suse.com/1240591"
},
{
"category": "self",
"summary": "SUSE Bug 1240592",
"url": "https://bugzilla.suse.com/1240592"
},
{
"category": "self",
"summary": "SUSE Bug 1240594",
"url": "https://bugzilla.suse.com/1240594"
},
{
"category": "self",
"summary": "SUSE Bug 1240595",
"url": "https://bugzilla.suse.com/1240595"
},
{
"category": "self",
"summary": "SUSE Bug 1240596",
"url": "https://bugzilla.suse.com/1240596"
},
{
"category": "self",
"summary": "SUSE Bug 1240600",
"url": "https://bugzilla.suse.com/1240600"
},
{
"category": "self",
"summary": "SUSE Bug 1240612",
"url": "https://bugzilla.suse.com/1240612"
},
{
"category": "self",
"summary": "SUSE Bug 1240616",
"url": "https://bugzilla.suse.com/1240616"
},
{
"category": "self",
"summary": "SUSE Bug 1240639",
"url": "https://bugzilla.suse.com/1240639"
},
{
"category": "self",
"summary": "SUSE Bug 1240643",
"url": "https://bugzilla.suse.com/1240643"
},
{
"category": "self",
"summary": "SUSE Bug 1240647",
"url": "https://bugzilla.suse.com/1240647"
},
{
"category": "self",
"summary": "SUSE Bug 1240691",
"url": "https://bugzilla.suse.com/1240691"
},
{
"category": "self",
"summary": "SUSE Bug 1240700",
"url": "https://bugzilla.suse.com/1240700"
},
{
"category": "self",
"summary": "SUSE Bug 1240701",
"url": "https://bugzilla.suse.com/1240701"
},
{
"category": "self",
"summary": "SUSE Bug 1240703",
"url": "https://bugzilla.suse.com/1240703"
},
{
"category": "self",
"summary": "SUSE Bug 1240708",
"url": "https://bugzilla.suse.com/1240708"
},
{
"category": "self",
"summary": "SUSE Bug 1240714",
"url": "https://bugzilla.suse.com/1240714"
},
{
"category": "self",
"summary": "SUSE Bug 1240715",
"url": "https://bugzilla.suse.com/1240715"
},
{
"category": "self",
"summary": "SUSE Bug 1240716",
"url": "https://bugzilla.suse.com/1240716"
},
{
"category": "self",
"summary": "SUSE Bug 1240718",
"url": "https://bugzilla.suse.com/1240718"
},
{
"category": "self",
"summary": "SUSE Bug 1240719",
"url": "https://bugzilla.suse.com/1240719"
},
{
"category": "self",
"summary": "SUSE Bug 1240720",
"url": "https://bugzilla.suse.com/1240720"
},
{
"category": "self",
"summary": "SUSE Bug 1240722",
"url": "https://bugzilla.suse.com/1240722"
},
{
"category": "self",
"summary": "SUSE Bug 1240727",
"url": "https://bugzilla.suse.com/1240727"
},
{
"category": "self",
"summary": "SUSE Bug 1240739",
"url": "https://bugzilla.suse.com/1240739"
},
{
"category": "self",
"summary": "SUSE Bug 1240742",
"url": "https://bugzilla.suse.com/1240742"
},
{
"category": "self",
"summary": "SUSE Bug 1240779",
"url": "https://bugzilla.suse.com/1240779"
},
{
"category": "self",
"summary": "SUSE Bug 1240783",
"url": "https://bugzilla.suse.com/1240783"
},
{
"category": "self",
"summary": "SUSE Bug 1240784",
"url": "https://bugzilla.suse.com/1240784"
},
{
"category": "self",
"summary": "SUSE Bug 1240795",
"url": "https://bugzilla.suse.com/1240795"
},
{
"category": "self",
"summary": "SUSE Bug 1240796",
"url": "https://bugzilla.suse.com/1240796"
},
{
"category": "self",
"summary": "SUSE Bug 1240797",
"url": "https://bugzilla.suse.com/1240797"
},
{
"category": "self",
"summary": "SUSE Bug 1240799",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "self",
"summary": "SUSE Bug 1240801",
"url": "https://bugzilla.suse.com/1240801"
},
{
"category": "self",
"summary": "SUSE Bug 1240806",
"url": "https://bugzilla.suse.com/1240806"
},
{
"category": "self",
"summary": "SUSE Bug 1240808",
"url": "https://bugzilla.suse.com/1240808"
},
{
"category": "self",
"summary": "SUSE Bug 1240812",
"url": "https://bugzilla.suse.com/1240812"
},
{
"category": "self",
"summary": "SUSE Bug 1240813",
"url": "https://bugzilla.suse.com/1240813"
},
{
"category": "self",
"summary": "SUSE Bug 1240815",
"url": "https://bugzilla.suse.com/1240815"
},
{
"category": "self",
"summary": "SUSE Bug 1240816",
"url": "https://bugzilla.suse.com/1240816"
},
{
"category": "self",
"summary": "SUSE Bug 1240819",
"url": "https://bugzilla.suse.com/1240819"
},
{
"category": "self",
"summary": "SUSE Bug 1240821",
"url": "https://bugzilla.suse.com/1240821"
},
{
"category": "self",
"summary": "SUSE Bug 1240825",
"url": "https://bugzilla.suse.com/1240825"
},
{
"category": "self",
"summary": "SUSE Bug 1240829",
"url": "https://bugzilla.suse.com/1240829"
},
{
"category": "self",
"summary": "SUSE Bug 1240873",
"url": "https://bugzilla.suse.com/1240873"
},
{
"category": "self",
"summary": "SUSE Bug 1240937",
"url": "https://bugzilla.suse.com/1240937"
},
{
"category": "self",
"summary": "SUSE Bug 1240938",
"url": "https://bugzilla.suse.com/1240938"
},
{
"category": "self",
"summary": "SUSE Bug 1240940",
"url": "https://bugzilla.suse.com/1240940"
},
{
"category": "self",
"summary": "SUSE Bug 1240942",
"url": "https://bugzilla.suse.com/1240942"
},
{
"category": "self",
"summary": "SUSE Bug 1240943",
"url": "https://bugzilla.suse.com/1240943"
},
{
"category": "self",
"summary": "SUSE Bug 1240978",
"url": "https://bugzilla.suse.com/1240978"
},
{
"category": "self",
"summary": "SUSE Bug 1240979",
"url": "https://bugzilla.suse.com/1240979"
},
{
"category": "self",
"summary": "SUSE Bug 1241038",
"url": "https://bugzilla.suse.com/1241038"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52831 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52925 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52926 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26634 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26810 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26873 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-27415 page",
"url": "https://www.suse.com/security/cve/CVE-2024-27415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35826 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-35910 page",
"url": "https://www.suse.com/security/cve/CVE-2024-35910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38606 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41077 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41149 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-42307 page",
"url": "https://www.suse.com/security/cve/CVE-2024-42307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43820 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-44974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-44974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45010 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46736 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46782 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46796 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46858 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47408 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47701 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47794 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49571 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49884 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49924 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49940 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49940/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49950 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-49994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-49994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50029 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50036 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50073 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50115 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50126 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50142 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50152 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50185 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50251 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50258 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50290 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50294 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50304 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53123 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53124 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53139 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53140 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53163 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53173 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53178 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53239 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53680 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54683 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56539 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56548 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56579 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56605 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56638 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56640 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56647 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56658 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56702 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56703 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56718 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56719 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56720 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56751 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56758 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56770 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57807 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57882 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57889 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57900 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57948 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57973 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57974 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57980 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57981 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57986 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57990 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57990/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57993 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57994 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57996 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57997 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-57999 page",
"url": "https://www.suse.com/security/cve/CVE-2024-57999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58002 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58005 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58006 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58007 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58009 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58011 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58012 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58013 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58014 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58017 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58018 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58019 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58020 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58034 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58051 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58052 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58054 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58055 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58061 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58063 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58071 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58072 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58078 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58079 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58080 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58083 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21631 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21635 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21636 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21637 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21637/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21638 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21639 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21640 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21647 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21659 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21665 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21666 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21667 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21668 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21669 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21670 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21671 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21688 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21689 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21689/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21690 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21703 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21704 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21705 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21708 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21711 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21716 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21767 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21773 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21773/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21775 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21775/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21776 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21780 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21781 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21782 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21784 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21784/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21791/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21793 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21793/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21796 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21796/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21802 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21804 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21804/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21815 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21815/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21819 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21820 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21821 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21823 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21825 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21829 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21830 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21831 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21835 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21836 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21838 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21855 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21856 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21857 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21858 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21862 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21875 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21877 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21878 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21883 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21884 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21885 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21886 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21887 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21888 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21890 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21892 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21894 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21894/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21908 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21908/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21909 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21910 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21910/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21916 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21916/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21917 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21917/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21918 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21922 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21924 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21927 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21928 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21930 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21935 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21936 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21941 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21943 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21951 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21951/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21953 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21953/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21956 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21956/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21960 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21961 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21966 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21979 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21992 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22007 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22009 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2312 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2312/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-04-17T14:37:10Z",
"generator": {
"date": "2025-04-17T14:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20192-1",
"initial_release_date": "2025-04-17T14:37:10Z",
"revision_history": [
{
"date": "2025-04-17T14:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-28.1.aarch64",
"product_id": "kernel-default-6.4.0-28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-28.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-28.1.noarch",
"product_id": "kernel-devel-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-28.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-28.1.noarch",
"product_id": "kernel-macros-6.4.0-28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-28.1.noarch",
"product": {
"name": "kernel-source-6.4.0-28.1.noarch",
"product_id": "kernel-source-6.4.0-28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-6.4.0-28.1.s390x",
"product_id": "kernel-default-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-28.1.x86_64",
"product_id": "kernel-default-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"product_id": "kernel-default-base-6.4.0-28.1.21.6.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-28.1.21.6.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-28.1.21.6.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-28.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-28.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
},
"product_reference": "kernel-source-6.4.0-28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n rebuild_sched_domains_locked()\n ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52831",
"url": "https://www.suse.com/security/cve/CVE-2023-52831"
},
{
"category": "external",
"summary": "SUSE Bug 1225533 for CVE-2023-52831",
"url": "https://bugzilla.suse.com/1225533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t skip expired elements during walk\n\nThere is an asymmetry between commit/abort and preparation phase if the\nfollowing conditions are met:\n\n1. set is a verdict map (\"1.2.3.4 : jump foo\")\n2. timeouts are enabled\n\nIn this case, following sequence is problematic:\n\n1. element E in set S refers to chain C\n2. userspace requests removal of set S\n3. kernel does a set walk to decrement chain-\u003euse count for all elements\n from preparation phase\n4. kernel does another set walk to remove elements from the commit phase\n (or another walk to do a chain-\u003euse increment for all elements from\n abort phase)\n\nIf E has already expired in 1), it will be ignored during list walk, so its use count\nwon\u0027t have been changed.\n\nThen, when set is culled, -\u003edestroy callback will zap the element via\nnf_tables_set_elem_destroy(), but this function is only safe for\nelements that have been deactivated earlier from the preparation phase:\nlack of earlier deactivate removes the element but leaks the chain use\ncount, which results in a WARN splat when the chain gets removed later,\nplus a leak of the nft_chain structure.\n\nUpdate pipapo_get() not to skip expired elements, otherwise flush\ncommand reports bogus ENOENT errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52924",
"url": "https://www.suse.com/security/cve/CVE-2023-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1236821 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1236821"
},
{
"category": "external",
"summary": "SUSE Bug 1244630 for CVE-2023-52924",
"url": "https://bugzilla.suse.com/1244630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: don\u0027t fail inserts if duplicate has expired\n\nnftables selftests fail:\nrun-tests.sh testcases/sets/0044interval_overlap_0\nExpected: 0-2 . 0-3, got:\nW: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1\n\nInsertion must ignore duplicate but expired entries.\n\nMoreover, there is a strange asymmetry in nft_pipapo_activate:\n\nIt refetches the current element, whereas the other -\u003eactivate callbacks\n(bitmap, hash, rhash, rbtree) use elem-\u003epriv.\nSame for .remove: other set implementations take elem-\u003epriv,\nnft_pipapo_remove fetches elem-\u003epriv, then does a relookup,\nremove this.\n\nI suspect this was the reason for the change that prompted the\nremoval of the expired check in pipapo_get() in the first place,\nbut skipping exired elements there makes no sense to me, this helper\nis used for normal get requests, insertions (duplicate check)\nand deactivate callback.\n\nIn first two cases expired elements must be skipped.\n\nFor -\u003edeactivate(), this gets called for DELSETELEM, so it\nseems to me that expired elements should be skipped as well, i.e.\ndelete request should fail with -ENOENT error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52925",
"url": "https://www.suse.com/security/cve/CVE-2023-52925"
},
{
"category": "external",
"summary": "SUSE Bug 1236822 for CVE-2023-52925",
"url": "https://bugzilla.suse.com/1236822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52926"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52926",
"url": "https://www.suse.com/security/cve/CVE-2023-52926"
},
{
"category": "external",
"summary": "SUSE Bug 1237565 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237565"
},
{
"category": "external",
"summary": "SUSE Bug 1237567 for CVE-2023-52926",
"url": "https://bugzilla.suse.com/1237567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: allow exp not to be removed in nf_ct_find_expectation\n\nCurrently nf_conntrack_in() calling nf_ct_find_expectation() will\nremove the exp from the hash table. However, in some scenario, we\nexpect the exp not to be removed when the created ct will not be\nconfirmed, like in OVS and TC conntrack in the following patches.\n\nThis patch allows exp not to be removed by setting IPS_CONFIRMED\nin the status of the tmpl.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52927",
"url": "https://www.suse.com/security/cve/CVE-2023-52927"
},
{
"category": "external",
"summary": "SUSE Bug 1239644 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1239644"
},
{
"category": "external",
"summary": "SUSE Bug 1246016 for CVE-2023-52927",
"url": "https://bugzilla.suse.com/1246016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-26634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26634"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get \"refunded\"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26634",
"url": "https://www.suse.com/security/cve/CVE-2024-26634"
},
{
"category": "external",
"summary": "SUSE Bug 1221651 for CVE-2024-26634",
"url": "https://bugzilla.suse.com/1221651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26708",
"url": "https://www.suse.com/security/cve/CVE-2024-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1222672 for CVE-2024-26708",
"url": "https://bugzilla.suse.com/1222672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl. Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate. For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured. A subsequent patch introduces synchronization for\nthe latter flows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26810",
"url": "https://www.suse.com/security/cve/CVE-2024-26810"
},
{
"category": "external",
"summary": "SUSE Bug 1222803 for CVE-2024-26810",
"url": "https://bugzilla.suse.com/1222803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix a deadlock issue related to automatic dump\n\nIf we issue a disabling PHY command, the device attached with it will go\noffline, if a 2 bit ECC error occurs at the same time, a hung task may be\nfound:\n\n[ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds.\n[ 4613.666297] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208\n[ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas]\n[ 4613.691518] Call trace:\n[ 4613.694678] __switch_to+0xf8/0x17c\n[ 4613.698872] __schedule+0x660/0xee0\n[ 4613.703063] schedule+0xac/0x240\n[ 4613.706994] schedule_timeout+0x500/0x610\n[ 4613.711705] __down+0x128/0x36c\n[ 4613.715548] down+0x240/0x2d0\n[ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main]\n[ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas]\n[ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas]\n[ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main]\n[ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main]\n[ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas]\n[ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas]\n[ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas]\n[ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas]\n[ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas]\n[ 4613.784716] process_one_work+0x248/0x950\n[ 4613.789424] worker_thread+0x318/0x934\n[ 4613.793878] kthread+0x190/0x200\n[ 4613.797810] ret_from_fork+0x10/0x18\n[ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds.\n[ 4613.816026] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208\n[ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main]\n[ 4613.841491] Call trace:\n[ 4613.844647] __switch_to+0xf8/0x17c\n[ 4613.848852] __schedule+0x660/0xee0\n[ 4613.853052] schedule+0xac/0x240\n[ 4613.856984] schedule_timeout+0x500/0x610\n[ 4613.861695] __down+0x128/0x36c\n[ 4613.865542] down+0x240/0x2d0\n[ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main]\n[ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main]\n[ 4613.883019] process_one_work+0x248/0x950\n[ 4613.887732] worker_thread+0x318/0x934\n[ 4613.892204] kthread+0x190/0x200\n[ 4613.896118] ret_from_fork+0x10/0x18\n[ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds.\n[ 4613.914341] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208\n[ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas]\n[ 4613.939549] Call trace:\n[ 4613.942702] __switch_to+0xf8/0x17c\n[ 4613.946892] __schedule+0x660/0xee0\n[ 4613.951083] schedule+0xac/0x240\n[ 4613.955015] schedule_timeout+0x500/0x610\n[ 4613.959725] wait_for_common+0x200/0x610\n[ 4613.964349] wait_for_completion+0x3c/0x5c\n[ 4613.969146] flush_workqueue+0x198/0x790\n[ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas]\n[ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas]\n[ 4613.985708] process_one_work+0x248/0x950\n[ 4613.990420] worker_thread+0x318/0x934\n[ 4613.994868] kthread+0x190/0x200\n[ 4613.998800] ret_from_fork+0x10/0x18\n\nThis is because when the device goes offline, we obtain the hisi_hba\nsemaphore and send the ABORT_DEV command to the device. However, the\ninternal abort timed out due to the 2 bit ECC error and triggers automatic\ndump. In addition, since the hisi_hba semaphore has been obtained, the dump\ncannot be executed and the controller cannot be reset.\n\nTherefore, the deadlocks occur on the following circular dependencies\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26873",
"url": "https://www.suse.com/security/cve/CVE-2024-26873"
},
{
"category": "external",
"summary": "SUSE Bug 1223047 for CVE-2024-26873",
"url": "https://bugzilla.suse.com/1223047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-27415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-27415"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: confirm multicast packets before passing them up the stack\n\nconntrack nf_confirm logic cannot handle cloned skbs referencing\nthe same nf_conn entry, which will happen for multicast (broadcast)\nframes on bridges.\n\n Example:\n macvlan0\n |\n br0\n / \\\n ethX ethY\n\n ethX (or Y) receives a L2 multicast or broadcast packet containing\n an IP packet, flow is not yet in conntrack table.\n\n 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting.\n -\u003e skb-\u003e_nfct now references a unconfirmed entry\n 2. skb is broad/mcast packet. bridge now passes clones out on each bridge\n interface.\n 3. skb gets passed up the stack.\n 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb\n and schedules a work queue to send them out on the lower devices.\n\n The clone skb-\u003e_nfct is not a copy, it is the same entry as the\n original skb. The macvlan rx handler then returns RX_HANDLER_PASS.\n 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb.\n\nThe Macvlan broadcast worker and normal confirm path will race.\n\nThis race will not happen if step 2 already confirmed a clone. In that\ncase later steps perform skb_clone() with skb-\u003e_nfct already confirmed (in\nhash table). This works fine.\n\nBut such confirmation won\u0027t happen when eb/ip/nftables rules dropped the\npackets before they reached the nf_confirm step in postrouting.\n\nPablo points out that nf_conntrack_bridge doesn\u0027t allow use of stateful\nnat, so we can safely discard the nf_conn entry and let inet call\nconntrack again.\n\nThis doesn\u0027t work for bridge netfilter: skb could have a nat\ntransformation. Also bridge nf prevents re-invocation of inet prerouting\nvia \u0027sabotage_in\u0027 hook.\n\nWork around this problem by explicit confirmation of the entry at LOCAL_IN\ntime, before upper layer has a chance to clone the unconfirmed entry.\n\nThe downside is that this disables NAT and conntrack helpers.\n\nAlternative fix would be to add locking to all code parts that deal with\nunconfirmed packets, but even if that could be done in a sane way this\nopens up other problems, for example:\n\n-m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4\n-m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5\n\nFor multicast case, only one of such conflicting mappings will be\ncreated, conntrack only handles 1:1 NAT mappings.\n\nUsers should set create a setup that explicitly marks such traffic\nNOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass\nthem, ruleset might have accept rules for untracked traffic already,\nso user-visible behaviour would change.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-27415",
"url": "https://www.suse.com/security/cve/CVE-2024-27415"
},
{
"category": "external",
"summary": "SUSE Bug 1224757 for CVE-2024-27415",
"url": "https://bugzilla.suse.com/1224757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-27415"
},
{
"cve": "CVE-2024-35826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35826",
"url": "https://www.suse.com/security/cve/CVE-2024-35826"
},
{
"category": "external",
"summary": "SUSE Bug 1224610 for CVE-2024-35826",
"url": "https://bugzilla.suse.com/1224610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-35910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-35910",
"url": "https://www.suse.com/security/cve/CVE-2024-35910"
},
{
"category": "external",
"summary": "SUSE Bug 1224489 for CVE-2024-35910",
"url": "https://bugzilla.suse.com/1224489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - validate slices count returned by FW\n\nThe function adf_send_admin_tl_start() enables the telemetry (TL)\nfeature on a QAT device by sending the ICP_QAT_FW_TL_START message to\nthe firmware. This triggers the FW to start writing TL data to a DMA\nbuffer in memory and returns an array containing the number of\naccelerators of each type (slices) supported by this HW.\nThe pointer to this array is stored in the adf_tl_hw_data data\nstructure called slice_cnt.\n\nThe array slice_cnt is then used in the function tl_print_dev_data()\nto report in debugfs only statistics about the supported accelerators.\nAn incorrect value of the elements in slice_cnt might lead to an out\nof bounds memory read.\nAt the moment, there isn\u0027t an implementation of FW that returns a wrong\nvalue, but for robustness validate the slice count array returned by FW.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38606",
"url": "https://www.suse.com/security/cve/CVE-2024-38606"
},
{
"category": "external",
"summary": "SUSE Bug 1226871 for CVE-2024-38606",
"url": "https://bugzilla.suse.com/1226871"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: replace spin_lock by raw_spin_lock\n\ntrace_drop_common() is called with preemption disabled, and it acquires\na spin_lock. This is problematic for RT kernels because spin_locks are\nsleeping locks in this configuration, which causes the following splat:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47\npreempt_count: 1, expected: 0\nRCU nest depth: 2, expected: 2\n5 locks held by rcuc/47/449:\n #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210\n #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130\n #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210\n #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70\n #4: ff1100086ee07520 (\u0026data-\u003elock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290\nirq event stamp: 139909\nhardirqs last enabled at (139908): [\u003cffffffffb1df2b33\u003e] _raw_spin_unlock_irqrestore+0x63/0x80\nhardirqs last disabled at (139909): [\u003cffffffffb19bd03d\u003e] trace_drop_common.constprop.0+0x26d/0x290\nsoftirqs last enabled at (139892): [\u003cffffffffb07a1083\u003e] __local_bh_enable_ip+0x103/0x170\nsoftirqs last disabled at (139898): [\u003cffffffffb0909b33\u003e] rcu_cpu_kthread+0x93/0x1f0\nPreemption disabled at:\n[\u003cffffffffb1de786b\u003e] rt_mutex_slowunlock+0xab/0x2e0\nCPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7\nHardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8c/0xd0\n dump_stack+0x14/0x20\n __might_resched+0x21e/0x2f0\n rt_spin_lock+0x5e/0x130\n ? trace_drop_common.constprop.0+0xb5/0x290\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_drop_common.constprop.0+0xb5/0x290\n ? preempt_count_sub+0x1c/0xd0\n ? _raw_spin_unlock_irqrestore+0x4a/0x80\n ? __pfx_trace_drop_common.constprop.0+0x10/0x10\n ? rt_mutex_slowunlock+0x26a/0x2e0\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_rt_mutex_slowunlock+0x10/0x10\n ? skb_queue_purge_reason.part.0+0x1bf/0x230\n trace_kfree_skb_hit+0x15/0x20\n trace_kfree_skb+0xe9/0x150\n kfree_skb_reason+0x7b/0x110\n skb_queue_purge_reason.part.0+0x1bf/0x230\n ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10\n ? mark_lock.part.0+0x8a/0x520\n...\n\ntrace_drop_common() also disables interrupts, but this is a minor issue\nbecause we could easily replace it with a local_lock.\n\nReplace the spin_lock with raw_spin_lock to avoid sleeping in atomic\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40980",
"url": "https://www.suse.com/security/cve/CVE-2024-40980"
},
{
"category": "external",
"summary": "SUSE Bug 1227937 for CVE-2024-40980",
"url": "https://bugzilla.suse.com/1227937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetpoll: Fix race condition in netpoll_owner_active\n\nKCSAN detected a race condition in netpoll:\n\n\tBUG: KCSAN: data-race in net_rx_action / netpoll_send_skb\n\twrite (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10:\n\tnet_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/dev.c:6822)\n\u003csnip\u003e\n\tread to 0xffff8881164168b0 of 4 bytes by task 1 on cpu 2:\n\tnetpoll_send_skb (net/core/netpoll.c:319 net/core/netpoll.c:345 net/core/netpoll.c:393)\n\tnetpoll_send_udp (net/core/netpoll.c:?)\n\u003csnip\u003e\n\tvalue changed: 0x0000000a -\u003e 0xffffffff\n\nThis happens because netpoll_owner_active() needs to check if the\ncurrent CPU is the owner of the lock, touching napi-\u003epoll_owner\nnon atomically. The -\u003epoll_owner field contains the current CPU holding\nthe lock.\n\nUse an atomic read to check if the poll owner is the current CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41005",
"url": "https://www.suse.com/security/cve/CVE-2024-41005"
},
{
"category": "external",
"summary": "SUSE Bug 1227858 for CVE-2024-41005",
"url": "https://bugzilla.suse.com/1227858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared. The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference. We need to check its value before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41055",
"url": "https://www.suse.com/security/cve/CVE-2024-41055"
},
{
"category": "external",
"summary": "SUSE Bug 1228521 for CVE-2024-41055",
"url": "https://bugzilla.suse.com/1228521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix validation of block size\n\nBlock size should be between 512 and PAGE_SIZE and be a power of 2. The current\ncheck does not validate this, so update the check.\n\nWithout this patch, null_blk would Oops due to a null pointer deref when\nloaded with bs=1536 [1].\n\n\n[axboe: remove unnecessary braces and != 0 check]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41077",
"url": "https://www.suse.com/security/cve/CVE-2024-41077"
},
{
"category": "external",
"summary": "SUSE Bug 1228653 for CVE-2024-41077",
"url": "https://bugzilla.suse.com/1228653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41149"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: avoid to reuse `hctx` not removed from cpuhp callback list\n\nIf the \u0027hctx\u0027 isn\u0027t removed from cpuhp callback list, we can\u0027t reuse it,\notherwise use-after-free may be triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41149",
"url": "https://www.suse.com/security/cve/CVE-2024-41149"
},
{
"category": "external",
"summary": "SUSE Bug 1235698 for CVE-2024-41149",
"url": "https://bugzilla.suse.com/1235698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-42307"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential null pointer use in destroy_workqueue in init_cifs error path\n\nDan Carpenter reported a Smack static checker warning:\n fs/smb/client/cifsfs.c:1981 init_cifs()\n error: we previously assumed \u0027serverclose_wq\u0027 could be null (see line 1895)\n\nThe patch which introduced the serverclose workqueue used the wrong\noredering in error paths in init_cifs() for freeing it on errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-42307",
"url": "https://www.suse.com/security/cve/CVE-2024-42307"
},
{
"category": "external",
"summary": "SUSE Bug 1229361 for CVE-2024-42307",
"url": "https://bugzilla.suse.com/1229361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume\n\nrm-raid devices will occasionally trigger the following warning when\nbeing resumed after a table load because DM_RECOVERY_RUNNING is set:\n\nWARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]\n\nThe failing check is:\nWARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery));\n\nThis check is designed to make sure that the sync thread isn\u0027t\nregistered, but md_check_recovery can set MD_RECOVERY_RUNNING without\nthe sync_thread ever getting registered. Instead of checking if\nMD_RECOVERY_RUNNING is set, check if sync_thread is non-NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43820",
"url": "https://www.suse.com/security/cve/CVE-2024-43820"
},
{
"category": "external",
"summary": "SUSE Bug 1229311 for CVE-2024-43820",
"url": "https://bugzilla.suse.com/1229311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-44974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-44974",
"url": "https://www.suse.com/security/cve/CVE-2024-44974"
},
{
"category": "external",
"summary": "SUSE Bug 1230235 for CVE-2024-44974",
"url": "https://bugzilla.suse.com/1230235"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45009",
"url": "https://www.suse.com/security/cve/CVE-2024-45009"
},
{
"category": "external",
"summary": "SUSE Bug 1230438 for CVE-2024-45009",
"url": "https://bugzilla.suse.com/1230438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45010",
"url": "https://www.suse.com/security/cve/CVE-2024-45010"
},
{
"category": "external",
"summary": "SUSE Bug 1230439 for CVE-2024-45010",
"url": "https://bugzilla.suse.com/1230439"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-46736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_rename_path()\n\nIf smb2_set_path_attr() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() again as the\nreference of @cfile was already dropped by previous smb2_compound_op()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46736",
"url": "https://www.suse.com/security/cve/CVE-2024-46736"
},
{
"category": "external",
"summary": "SUSE Bug 1230728 for CVE-2024-46736",
"url": "https://bugzilla.suse.com/1230728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46782",
"url": "https://www.suse.com/security/cve/CVE-2024-46782"
},
{
"category": "external",
"summary": "SUSE Bug 1230769 for CVE-2024-46782",
"url": "https://bugzilla.suse.com/1230769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double put of @cfile in smb2_set_path_size()\n\nIf smb2_compound_op() is called with a valid @cfile and returned\n-EINVAL, we need to call cifs_get_writable_path() before retrying it\nas the reference of @cfile was already dropped by previous call.\n\nThis fixes the following KASAN splat when running fstests generic/013\nagainst Windows Server 2022:\n\n CIFS: Attempting to mount //w22-fs0/scratch\n run fstests generic/013 at 2024-09-02 19:48:59\n ==================================================================\n BUG: KASAN: slab-use-after-free in detach_if_pending+0xab/0x200\n Write of size 8 at addr ffff88811f1a3730 by task kworker/3:2/176\n\n CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 Not tainted 6.11.0-rc6 #2\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40\n 04/01/2014\n Workqueue: cifsoplockd cifs_oplock_break [cifs]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? detach_if_pending+0xab/0x200\n print_report+0x156/0x4d9\n ? detach_if_pending+0xab/0x200\n ? __virt_addr_valid+0x145/0x300\n ? __phys_addr+0x46/0x90\n ? detach_if_pending+0xab/0x200\n kasan_report+0xda/0x110\n ? detach_if_pending+0xab/0x200\n detach_if_pending+0xab/0x200\n timer_delete+0x96/0xe0\n ? __pfx_timer_delete+0x10/0x10\n ? rcu_is_watching+0x20/0x50\n try_to_grab_pending+0x46/0x3b0\n __cancel_work+0x89/0x1b0\n ? __pfx___cancel_work+0x10/0x10\n ? kasan_save_track+0x14/0x30\n cifs_close_deferred_file+0x110/0x2c0 [cifs]\n ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs]\n ? __pfx_down_read+0x10/0x10\n cifs_oplock_break+0x4c1/0xa50 [cifs]\n ? __pfx_cifs_oplock_break+0x10/0x10 [cifs]\n ? lock_is_held_type+0x85/0xf0\n ? mark_held_locks+0x1a/0x90\n process_one_work+0x4c6/0x9f0\n ? find_held_lock+0x8a/0xa0\n ? __pfx_process_one_work+0x10/0x10\n ? lock_acquired+0x220/0x550\n ? __list_add_valid_or_report+0x37/0x100\n worker_thread+0x2e4/0x570\n ? __kthread_parkme+0xd1/0xf0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x17f/0x1c0\n ? kthread+0xda/0x1c0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 1118:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n cifs_new_fileinfo+0xc8/0x9d0 [cifs]\n cifs_atomic_open+0x467/0x770 [cifs]\n lookup_open.isra.0+0x665/0x8b0\n path_openat+0x4c3/0x1380\n do_filp_open+0x167/0x270\n do_sys_openat2+0x129/0x160\n __x64_sys_creat+0xad/0xe0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 83:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n poison_slab_object+0xe9/0x160\n __kasan_slab_free+0x32/0x50\n kfree+0xf2/0x300\n process_one_work+0x4c6/0x9f0\n worker_thread+0x2e4/0x570\n kthread+0x17f/0x1c0\n ret_from_fork+0x31/0x60\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x30/0x50\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x29/0xe0\n __queue_work+0x5ea/0x760\n queue_work_on+0x6d/0x90\n _cifsFileInfo_put+0x3f6/0x770 [cifs]\n smb2_compound_op+0x911/0x3940 [cifs]\n smb2_set_path_size+0x228/0x270 [cifs]\n cifs_set_file_size+0x197/0x460 [cifs]\n cifs_setattr+0xd9c/0x14b0 [cifs]\n notify_change+0x4e3/0x740\n do_truncate+0xfa/0x180\n vfs_truncate+0x195/0x200\n __x64_sys_truncate+0x109/0x150\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46796",
"url": "https://www.suse.com/security/cve/CVE-2024-46796"
},
{
"category": "external",
"summary": "SUSE Bug 1230832 for CVE-2024-46796",
"url": "https://bugzilla.suse.com/1230832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-46858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: Fix uaf in __timer_delete_sync\n\nThere are two paths to access mptcp_pm_del_add_timer, result in a race\ncondition:\n\n CPU1\t\t\t\tCPU2\n ==== ====\n net_rx_action\n napi_poll netlink_sendmsg\n __napi_poll netlink_unicast\n process_backlog netlink_unicast_kernel\n __netif_receive_skb genl_rcv\n __netif_receive_skb_one_core netlink_rcv_skb\n NF_HOOK genl_rcv_msg\n ip_local_deliver_finish genl_family_rcv_msg\n ip_protocol_deliver_rcu genl_family_rcv_msg_doit\n tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit\n tcp_v4_do_rcv mptcp_nl_remove_addrs_list\n tcp_rcv_established mptcp_pm_remove_addrs_and_subflows\n tcp_data_queue remove_anno_list_by_saddr\n mptcp_incoming_options mptcp_pm_del_add_timer\n mptcp_pm_del_add_timer kfree(entry)\n\nIn remove_anno_list_by_saddr(running on CPU2), after leaving the critical\nzone protected by \"pm.lock\", the entry will be released, which leads to the\noccurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1).\n\nKeeping a reference to add_timer inside the lock, and calling\nsk_stop_timer_sync() with this reference, instead of \"entry-\u003eadd_timer\".\n\nMove list_del(\u0026entry-\u003elist) to mptcp_pm_del_add_timer and inside the pm lock,\ndo not directly access any members of the entry outside the pm lock, which\ncan avoid similar \"entry-\u003ex\" uaf.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46858",
"url": "https://www.suse.com/security/cve/CVE-2024-46858"
},
{
"category": "external",
"summary": "SUSE Bug 1231088 for CVE-2024-46858",
"url": "https://bugzilla.suse.com/1231088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-46858"
},
{
"cve": "CVE-2024-47408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47408"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check smcd_v2_ext_offset when receiving proposal msg\n\nWhen receiving proposal msg in server, the field smcd_v2_ext_offset in\nproposal msg is from the remote client and can not be fully trusted.\nOnce the value of smcd_v2_ext_offset exceed the max value, there has\nthe chance to access wrong address, and crash may happen.\n\nThis patch checks the value of smcd_v2_ext_offset before using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47408",
"url": "https://www.suse.com/security/cve/CVE-2024-47408"
},
{
"category": "external",
"summary": "SUSE Bug 1235711 for CVE-2024-47408",
"url": "https://bugzilla.suse.com/1235711"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid OOB when system.data xattr changes underneath the filesystem\n\nWhen looking up for an entry in an inlined directory, if e_value_offs is\nchanged underneath the filesystem by some change in the block device, it\nwill lead to an out-of-bounds access that KASAN detects as an UAF.\n\nEXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.\nloop0: detected capacity change from 2048 to 2047\n==================================================================\nBUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\nRead of size 1 at addr ffff88803e91130f by task syz-executor269/5103\n\nCPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500\n ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697\n __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573\n ext4_lookup_entry fs/ext4/namei.c:1727 [inline]\n ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795\n lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633\n filename_create+0x297/0x540 fs/namei.c:3980\n do_symlinkat+0xf9/0x3a0 fs/namei.c:4587\n __do_sys_symlinkat fs/namei.c:4610 [inline]\n __se_sys_symlinkat fs/namei.c:4607 [inline]\n __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f3e73ced469\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a\nRAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469\nRDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0\nRBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290\nR10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c\nR13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0\n \u003c/TASK\u003e\n\nCalling ext4_xattr_ibody_find right after reading the inode with\next4_get_inode_loc will lead to a check of the validity of the xattrs,\navoiding this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47701",
"url": "https://www.suse.com/security/cve/CVE-2024-47701"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1231920 for CVE-2024-47701",
"url": "https://bugzilla.suse.com/1231920"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47794",
"url": "https://www.suse.com/security/cve/CVE-2024-47794"
},
{
"category": "external",
"summary": "SUSE Bug 1235712 for CVE-2024-47794",
"url": "https://bugzilla.suse.com/1235712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the field iparea_offset\nand the field ipv6_prefixes_cnt in proposal msg are from the\nremote client and can not be fully trusted. Especially the\nfield iparea_offset, once exceed the max value, there has the\nchance to access wrong address, and crash may happen.\n\nThis patch checks iparea_offset and ipv6_prefixes_cnt before using them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49571",
"url": "https://www.suse.com/security/cve/CVE-2024-49571"
},
{
"category": "external",
"summary": "SUSE Bug 1235733 for CVE-2024-49571",
"url": "https://bugzilla.suse.com/1235733"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix slab-use-after-free in ext4_split_extent_at()\n\nWe hit the following use-after-free:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0\nRead of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40\nCPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724\nCall Trace:\n \u003cTASK\u003e\n kasan_report+0x93/0xc0\n ext4_split_extent_at+0xba8/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nAllocated by task 40:\n __kmalloc_noprof+0x1ac/0x480\n ext4_find_extent+0xf3b/0x1e70\n ext4_ext_map_blocks+0x188/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n\nFreed by task 40:\n kfree+0xf1/0x2b0\n ext4_find_extent+0xa71/0x1e70\n ext4_ext_insert_extent+0xa22/0x3260\n ext4_split_extent_at+0x3ef/0xcc0\n ext4_split_extent.isra.0+0x18f/0x500\n ext4_split_convert_extents+0x275/0x750\n ext4_ext_handle_unwritten_extents+0x73e/0x1580\n ext4_ext_map_blocks+0xe20/0x2dc0\n ext4_map_blocks+0x724/0x1700\n ext4_do_writepages+0x12d6/0x2a70\n[...]\n==================================================================\n\nThe flow of issue triggering is as follows:\n\next4_split_extent_at\n path = *ppath\n ext4_ext_insert_extent(ppath)\n ext4_ext_create_new_leaf(ppath)\n ext4_find_extent(orig_path)\n path = *orig_path\n read_extent_tree_block\n // return -ENOMEM or -EIO\n ext4_free_ext_path(path)\n kfree(path)\n *orig_path = NULL\n a. If err is -ENOMEM:\n ext4_ext_dirty(path + path-\u003ep_depth)\n // path use-after-free !!!\n b. If err is -EIO and we have EXT_DEBUG defined:\n ext4_ext_show_leaf(path)\n eh = path[depth].p_hdr\n // path also use-after-free !!!\n\nSo when trying to zeroout or fix the extent length, call ext4_find_extent()\nto update the path.\n\nIn addition we use *ppath directly as an ext4_ext_show_leaf() input to\navoid possible use-after-free when EXT_DEBUG is defined, and to avoid\nunnecessary path updates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49884",
"url": "https://www.suse.com/security/cve/CVE-2024-49884"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232198 for CVE-2024-49884",
"url": "https://bugzilla.suse.com/1232198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49884"
},
{
"cve": "CVE-2024-49924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which \u0026fbi-\u003etask is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the \u0026pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi-\u003efb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi-\u003efb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi-\u003elcd_power(on, \u0026fbi-\u003efb.var)\n | //use fbi-\u003efb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49924",
"url": "https://www.suse.com/security/cve/CVE-2024-49924"
},
{
"category": "external",
"summary": "SUSE Bug 1232364 for CVE-2024-49924",
"url": "https://bugzilla.suse.com/1232364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49940"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn\u0027t been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel\u0027s encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn\u0027t yet have session-\u003etunnel set. Add a check for\nthis case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49940",
"url": "https://www.suse.com/security/cve/CVE-2024-49940"
},
{
"category": "external",
"summary": "SUSE Bug 1232812 for CVE-2024-49940",
"url": "https://bugzilla.suse.com/1232812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49950",
"url": "https://www.suse.com/security/cve/CVE-2024-49950"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232159 for CVE-2024-49950",
"url": "https://bugzilla.suse.com/1232159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49950"
},
{
"cve": "CVE-2024-49994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-49994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-49994",
"url": "https://www.suse.com/security/cve/CVE-2024-49994"
},
{
"category": "external",
"summary": "SUSE Bug 1237757 for CVE-2024-49994",
"url": "https://bugzilla.suse.com/1237757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync\n\nThis checks if the ACL connection remains valid as it could be destroyed\nwhile hci_enhanced_setup_sync is pending on cmd_sync leading to the\nfollowing trace:\n\nBUG: KASAN: slab-use-after-free in hci_enhanced_setup_sync+0x91b/0xa60\nRead of size 1 at addr ffff888002328ffd by task kworker/u5:2/37\n\nCPU: 0 UID: 0 PID: 37 Comm: kworker/u5:2 Not tainted 6.11.0-rc6-01300-g810be445d8d6 #7099\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ? hci_enhanced_setup_sync+0x91b/0xa60\n print_report+0x152/0x4c0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n ? __virt_addr_valid+0x1fa/0x420\n ? hci_enhanced_setup_sync+0x91b/0xa60\n kasan_report+0xda/0x1b0\n ? hci_enhanced_setup_sync+0x91b/0xa60\n hci_enhanced_setup_sync+0x91b/0xa60\n ? __pfx_hci_enhanced_setup_sync+0x10/0x10\n ? __pfx___mutex_lock+0x10/0x10\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n ? __pfx_lock_acquire+0x10/0x10\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x167/0x240\n worker_thread+0x5b7/0xf60\n ? __kthread_parkme+0xac/0x1c0\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x293/0x360\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 34:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __hci_conn_add+0x187/0x17d0\n hci_connect_sco+0x2e1/0xb90\n sco_sock_connect+0x2a2/0xb80\n __sys_connect+0x227/0x2a0\n __x64_sys_connect+0x6d/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 37:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x101/0x160\n kfree+0xd0/0x250\n device_release+0x9a/0x210\n kobject_put+0x151/0x280\n hci_conn_del+0x448/0xbf0\n hci_abort_conn_sync+0x46f/0x980\n hci_cmd_sync_work+0x1c2/0x330\n process_one_work+0x7d9/0x1360\n worker_thread+0x5b7/0xf60\n kthread+0x293/0x360\n ret_from_fork+0x2f/0x70\n ret_from_fork_asm+0x1a/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50029",
"url": "https://www.suse.com/security/cve/CVE-2024-50029"
},
{
"category": "external",
"summary": "SUSE Bug 1231949 for CVE-2024-50029",
"url": "https://bugzilla.suse.com/1231949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not delay dst_entries_add() in dst_release()\n\ndst_entries_add() uses per-cpu data that might be freed at netns\ndismantle from ip6_route_net_exit() calling dst_entries_destroy()\n\nBefore ip6_route_net_exit() can be called, we release all\nthe dsts associated with this netns, via calls to dst_release(),\nwhich waits an rcu grace period before calling dst_destroy()\n\ndst_entries_add() use in dst_destroy() is racy, because\ndst_entries_destroy() could have been called already.\n\nDecrementing the number of dsts must happen sooner.\n\nNotes:\n\n1) in CONFIG_XFRM case, dst_destroy() can call\n dst_release_immediate(child), this might also cause UAF\n if the child does not have DST_NOCOUNT set.\n IPSEC maintainers might take a look and see how to address this.\n\n2) There is also discussion about removing this count of dst,\n which might happen in future kernels.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50036",
"url": "https://www.suse.com/security/cve/CVE-2024-50036"
},
{
"category": "external",
"summary": "SUSE Bug 1231912 for CVE-2024-50036",
"url": "https://bugzilla.suse.com/1231912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xtables: avoid NFPROTO_UNSPEC where needed\n\nsyzbot managed to call xt_cluster match via ebtables:\n\n WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780\n [..]\n ebt_do_table+0x174b/0x2a40\n\nModule registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet\nprocessing. As this is only useful to restrict locally terminating\nTCP/UDP traffic, register this for ipv4 and ipv6 family only.\n\nPablo points out that this is a general issue, direct users of the\nset/getsockopt interface can call into targets/matches that were only\nintended for use with ip(6)tables.\n\nCheck all UNSPEC matches and targets for similar issues:\n\n- matches and targets are fine except if they assume skb_network_header()\n is valid -- this is only true when called from inet layer: ip(6) stack\n pulls the ip/ipv6 header into linear data area.\n- targets that return XT_CONTINUE or other xtables verdicts must be\n restricted too, they are incompatbile with the ebtables traverser, e.g.\n EBT_CONTINUE is a completely different value than XT_CONTINUE.\n\nMost matches/targets are changed to register for NFPROTO_IPV4/IPV6, as\nthey are provided for use by ip(6)tables.\n\nThe MARK target is also used by arptables, so register for NFPROTO_ARP too.\n\nWhile at it, bail out if connbytes fails to enable the corresponding\nconntrack family.\n\nThis change passes the selftests in iptables.git.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50038",
"url": "https://www.suse.com/security/cve/CVE-2024-50038"
},
{
"category": "external",
"summary": "SUSE Bug 1231910 for CVE-2024-50038",
"url": "https://bugzilla.suse.com/1231910"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50038"
},
{
"cve": "CVE-2024-50056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: \u0027fmtdesc\u0027 dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50056",
"url": "https://www.suse.com/security/cve/CVE-2024-50056"
},
{
"category": "external",
"summary": "SUSE Bug 1232389 for CVE-2024-50056",
"url": "https://bugzilla.suse.com/1232389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \u003cTASK\u003e\n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50073",
"url": "https://www.suse.com/security/cve/CVE-2024-50073"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232520 for CVE-2024-50073",
"url": "https://bugzilla.suse.com/1232520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50073"
},
{
"cve": "CVE-2024-50085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow\n\nSyzkaller reported this splat:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662\n\n CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881\n mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:914 [inline]\n mptcp_nl_remove_id_zero_address+0x305/0x4a0 net/mptcp/pm_netlink.c:1572\n mptcp_pm_nl_del_addr_doit+0x5c9/0x770 net/mptcp/pm_netlink.c:1603\n genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg net/socket.c:744 [inline]\n ____sys_sendmsg+0x9ae/0xb40 net/socket.c:2607\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661\n __sys_sendmsg+0x117/0x1f0 net/socket.c:2690\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386\n do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n RIP: 0023:0xf7fe4579\n Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 \u003c5d\u003e 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00\n RSP: 002b:00000000f574556c EFLAGS: 00000296 ORIG_RAX: 0000000000000172\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000020000140\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\n Allocated by task 5387:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kmalloc_noprof include/linux/slab.h:878 [inline]\n kzalloc_noprof include/linux/slab.h:1014 [inline]\n subflow_create_ctx+0x87/0x2a0 net/mptcp/subflow.c:1803\n subflow_ulp_init+0xc3/0x4d0 net/mptcp/subflow.c:1956\n __tcp_set_ulp net/ipv4/tcp_ulp.c:146 [inline]\n tcp_set_ulp+0x326/0x7f0 net/ipv4/tcp_ulp.c:167\n mptcp_subflow_create_socket+0x4ae/0x10a0 net/mptcp/subflow.c:1764\n __mptcp_subflow_connect+0x3cc/0x1490 net/mptcp/subflow.c:1592\n mptcp_pm_create_subflow_or_signal_addr+0xbda/0x23a0 net/mptcp/pm_netlink.c:642\n mptcp_pm_nl_fully_established net/mptcp/pm_netlink.c:650 [inline]\n mptcp_pm_nl_work+0x3a1/0x4f0 net/mptcp/pm_netlink.c:943\n mptcp_worker+0x15a/0x1240 net/mptcp/protocol.c:2777\n process_one_work+0x958/0x1b30 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/ke\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50085",
"url": "https://www.suse.com/security/cve/CVE-2024-50085"
},
{
"category": "external",
"summary": "SUSE Bug 1232508 for CVE-2024-50085",
"url": "https://bugzilla.suse.com/1232508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50115"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn\u0027t\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn\u0027t using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM\u0027s much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it\u0027s only the nSVM flow\nthat is broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50115",
"url": "https://www.suse.com/security/cve/CVE-2024-50115"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1232919 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1232919"
},
{
"category": "external",
"summary": "SUSE Bug 1233019 for CVE-2024-50115",
"url": "https://bugzilla.suse.com/1233019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50115"
},
{
"cve": "CVE-2024-50126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in \u0027taprio_dump()\u0027 by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50126",
"url": "https://www.suse.com/security/cve/CVE-2024-50126"
},
{
"category": "external",
"summary": "SUSE Bug 1232895 for CVE-2024-50126",
"url": "https://bugzilla.suse.com/1232895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Disable page allocation in task_tick_mm_cid()\n\nWith KASAN and PREEMPT_RT enabled, calling task_work_add() in\ntask_tick_mm_cid() may cause the following splat.\n\n[ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe\n[ 63.696416] preempt_count: 10001, expected: 0\n[ 63.696416] RCU nest depth: 1, expected: 1\n\nThis problem is caused by the following call trace.\n\n sched_tick() [ acquire rq-\u003e__lock ]\n -\u003e task_tick_mm_cid()\n -\u003e task_work_add()\n -\u003e __kasan_record_aux_stack()\n -\u003e kasan_save_stack()\n -\u003e stack_depot_save_flags()\n -\u003e alloc_pages_mpol_noprof()\n -\u003e __alloc_pages_noprof()\n\t -\u003e get_page_from_freelist()\n\t -\u003e rmqueue()\n\t -\u003e rmqueue_pcplist()\n\t -\u003e __rmqueue_pcplist()\n\t -\u003e rmqueue_bulk()\n\t -\u003e rt_spin_lock()\n\nThe rq lock is a raw_spinlock_t. We can\u0027t sleep while holding\nit. IOW, we can\u0027t call alloc_pages() in stack_depot_save_flags().\n\nThe task_tick_mm_cid() function with its task_work_add() call was\nintroduced by commit 223baf9d17f2 (\"sched: Fix performance regression\nintroduced by mm_cid\") in v6.4 kernel.\n\nFortunately, there is a kasan_record_aux_stack_noalloc() variant that\ncalls stack_depot_save_flags() while not allowing it to allocate\nnew pages. To allow task_tick_mm_cid() to use task_work without\npage allocation, a new TWAF_NO_ALLOC flag is added to enable calling\nkasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack()\nif set. The task_tick_mm_cid() function is modified to add this new flag.\n\nThe possible downside is the missing stack trace in a KASAN report due\nto new page allocation required when task_work_add_noallloc() is called\nwhich should be rare.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50140",
"url": "https://www.suse.com/security/cve/CVE-2024-50140"
},
{
"category": "external",
"summary": "SUSE Bug 1233060 for CVE-2024-50140",
"url": "https://bugzilla.suse.com/1233060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50142"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50142",
"url": "https://www.suse.com/security/cve/CVE-2024-50142"
},
{
"category": "external",
"summary": "SUSE Bug 1233028 for CVE-2024-50142",
"url": "https://bugzilla.suse.com/1233028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix possible double free in smb2_set_ea()\n\nClang static checker(scan-build) warning:\nfs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.\n 1304 | kfree(ea);\n | ^~~~~~~~~\n\nThere is a double free in such case:\n\u0027ea is initialized to NULL\u0027 -\u003e \u0027first successful memory allocation for\nea\u0027 -\u003e \u0027something failed, goto sea_exit\u0027 -\u003e \u0027first memory release for ea\u0027\n-\u003e \u0027goto replay_again\u0027 -\u003e \u0027second goto sea_exit before allocate memory\nfor ea\u0027 -\u003e \u0027second memory release for ea resulted in double free\u0027.\n\nRe-initialie \u0027ea\u0027 to NULL near to the replay_again label, it can fix this\ndouble free problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50152",
"url": "https://www.suse.com/security/cve/CVE-2024-50152"
},
{
"category": "external",
"summary": "SUSE Bug 1233033 for CVE-2024-50152",
"url": "https://bugzilla.suse.com/1233033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle consistently DSS corruption\n\nBugged peer implementation can send corrupted DSS options, consistently\nhitting a few warning in the data path. Use DEBUG_NET assertions, to\navoid the splat on some builds and handle consistently the error, dumping\nrelated MIBs and performing fallback and/or reset according to the\nsubflow type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50185",
"url": "https://www.suse.com/security/cve/CVE-2024-50185"
},
{
"category": "external",
"summary": "SUSE Bug 1233109 for CVE-2024-50185",
"url": "https://bugzilla.suse.com/1233109"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50251",
"url": "https://www.suse.com/security/cve/CVE-2024-50251"
},
{
"category": "external",
"summary": "SUSE Bug 1233248 for CVE-2024-50251",
"url": "https://bugzilla.suse.com/1233248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk-\u003esk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb-\u003elen = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -\u003e 0\n tso_segs = DIV_ROUND_UP(skb-\u003elen, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50258",
"url": "https://www.suse.com/security/cve/CVE-2024-50258"
},
{
"category": "external",
"summary": "SUSE Bug 1233221 for CVE-2024-50258",
"url": "https://bugzilla.suse.com/1233221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50258"
},
{
"cve": "CVE-2024-50290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50290"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50290",
"url": "https://www.suse.com/security/cve/CVE-2024-50290"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233479 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233479"
},
{
"category": "external",
"summary": "SUSE Bug 1233681 for CVE-2024-50290",
"url": "https://bugzilla.suse.com/1233681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50294"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal-\u003enew_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its -\u003ewait_link happens to be on.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50294",
"url": "https://www.suse.com/security/cve/CVE-2024-50294"
},
{
"category": "external",
"summary": "SUSE Bug 1233483 for CVE-2024-50294",
"url": "https://bugzilla.suse.com/1233483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-50304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50304",
"url": "https://www.suse.com/security/cve/CVE-2024-50304"
},
{
"category": "external",
"summary": "SUSE Bug 1233522 for CVE-2024-50304",
"url": "https://bugzilla.suse.com/1233522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-50304"
},
{
"cve": "CVE-2024-52559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52559",
"url": "https://www.suse.com/security/cve/CVE-2024-52559"
},
{
"category": "external",
"summary": "SUSE Bug 1238507 for CVE-2024-52559",
"url": "https://bugzilla.suse.com/1238507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT\n\nIn qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed\nto be either root or ingress. This assumption is bogus since it\u0027s valid\nto create egress qdiscs with major handle ffff:\nBudimir Markovic found that for qdiscs like DRR that maintain an active\nclass list, it will cause a UAF with a dangling class pointer.\n\nIn 066a3b5b2346, the concern was to avoid iterating over the ingress\nqdisc since its parent is itself. The proper fix is to stop when parent\nTC_H_ROOT is reached because the only way to retrieve ingress is when a\nhierarchy which does not contain a ffff: major handle call into\nqdisc_lookup with TC_H_MAJ(TC_H_ROOT).\n\nIn the scenario where major ffff: is an egress qdisc in any of the tree\nlevels, the updates will also propagate to TC_H_ROOT, which then the\niteration must stop.\n\n\n net/sched/sch_api.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53057",
"url": "https://www.suse.com/security/cve/CVE-2024-53057"
},
{
"category": "external",
"summary": "SUSE Bug 1233551 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1233551"
},
{
"category": "external",
"summary": "SUSE Bug 1245816 for CVE-2024-53057",
"url": "https://bugzilla.suse.com/1245816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: prevent the risk of out of memory access\n\nThe dvbdev contains a static variable used to store dvb minors.\n\nThe behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set\nor not. When not set, dvb_register_device() won\u0027t check for\nboundaries, as it will rely that a previous call to\ndvb_register_adapter() would already be enforcing it.\n\nOn a similar way, dvb_device_open() uses the assumption\nthat the register functions already did the needed checks.\n\nThis can be fragile if some device ends using different\ncalls. This also generate warnings on static check analysers\nlike Coverity.\n\nSo, add explicit guards to prevent potential risk of OOM issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53063",
"url": "https://www.suse.com/security/cve/CVE-2024-53063"
},
{
"category": "external",
"summary": "SUSE Bug 1225742 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1225742"
},
{
"category": "external",
"summary": "SUSE Bug 1233557 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233557"
},
{
"category": "external",
"summary": "SUSE Bug 1233619 for CVE-2024-53063",
"url": "https://bugzilla.suse.com/1233619"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 \u003cf7\u003e 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53123",
"url": "https://www.suse.com/security/cve/CVE-2024-53123"
},
{
"category": "external",
"summary": "SUSE Bug 1234070 for CVE-2024-53123",
"url": "https://bugzilla.suse.com/1234070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53124"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk-\u003esk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 \u003c0f\u003e 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk-\u003esk_state == TCP_LISTEN with sk-\u003esk_lock unlocked,\nwhich triggers a data-race around sk-\u003esk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb-\u003etruesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk-\u003esk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53124",
"url": "https://www.suse.com/security/cve/CVE-2024-53124"
},
{
"category": "external",
"summary": "SUSE Bug 1234074 for CVE-2024-53124",
"url": "https://bugzilla.suse.com/1234074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-53139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t\u003c-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53139",
"url": "https://www.suse.com/security/cve/CVE-2024-53139"
},
{
"category": "external",
"summary": "SUSE Bug 1234157 for CVE-2024-53139",
"url": "https://bugzilla.suse.com/1234157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon\u0027t actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we\u0027re back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn\u0027t have to take a reference of its own.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53140",
"url": "https://www.suse.com/security/cve/CVE-2024-53140"
},
{
"category": "external",
"summary": "SUSE Bug 1234222 for CVE-2024-53140",
"url": "https://bugzilla.suse.com/1234222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53147",
"url": "https://www.suse.com/security/cve/CVE-2024-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1234857 for CVE-2024-53147",
"url": "https://bugzilla.suse.com/1234857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat/qat_420xx - fix off by one in uof_get_name()\n\nThis is called from uof_get_name_420xx() where \"num_objs\" is the\nARRAY_SIZE() of fw_objs[]. The \u003e needs to be \u003e= to prevent an out of\nbounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53163",
"url": "https://www.suse.com/security/cve/CVE-2024-53163"
},
{
"category": "external",
"summary": "SUSE Bug 1234828 for CVE-2024-53163",
"url": "https://bugzilla.suse.com/1234828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53173",
"url": "https://www.suse.com/security/cve/CVE-2024-53173"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234891 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234891"
},
{
"category": "external",
"summary": "SUSE Bug 1234892 for CVE-2024-53173",
"url": "https://bugzilla.suse.com/1234892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53173"
},
{
"cve": "CVE-2024-53176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it\u0027s\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn\u0027t block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we\u0027re here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53176",
"url": "https://www.suse.com/security/cve/CVE-2024-53176"
},
{
"category": "external",
"summary": "SUSE Bug 1234894 for CVE-2024-53176",
"url": "https://bugzilla.suse.com/1234894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53177",
"url": "https://www.suse.com/security/cve/CVE-2024-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1234896 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1234896"
},
{
"category": "external",
"summary": "SUSE Bug 1235103 for CVE-2024-53177",
"url": "https://bugzilla.suse.com/1235103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don\u0027t leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn\u0027t drop a ref if has_lease isn\u0027t true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n [\u003cffffffff8b7d7256\u003e] kstrdup+0x36/0x60\n [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53178",
"url": "https://www.suse.com/security/cve/CVE-2024-53178"
},
{
"category": "external",
"summary": "SUSE Bug 1234895 for CVE-2024-53178",
"url": "https://bugzilla.suse.com/1234895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53226",
"url": "https://www.suse.com/security/cve/CVE-2024-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1236576 for CVE-2024-53226",
"url": "https://bugzilla.suse.com/1236576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we\u0027re calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card\u0027s\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53239",
"url": "https://www.suse.com/security/cve/CVE-2024-53239"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235054 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235054"
},
{
"category": "external",
"summary": "SUSE Bug 1235055 for CVE-2024-53239",
"url": "https://bugzilla.suse.com/1235055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-53239"
},
{
"cve": "CVE-2024-53680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()\n\nUnder certain kernel configurations when building with Clang/LLVM, the\ncompiler does not generate a return or jump as the terminator\ninstruction for ip_vs_protocol_init(), triggering the following objtool\nwarning during build time:\n\n vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()\n\nAt runtime, this either causes an oops when trying to load the ipvs\nmodule or a boot-time panic if ipvs is built-in. This same issue has\nbeen reported by the Intel kernel test robot previously.\n\nDigging deeper into both LLVM and the kernel code reveals this to be a\nundefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer\nof 64 chars to store the registered protocol names and leaves it\nuninitialized after definition. The function calls strnlen() when\nconcatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE\nstrnlen() performs an extra step to check whether the last byte of the\ninput char buffer is a null character (commit 3009f891bb9f (\"fortify:\nAllow strlen() and strnlen() to pass compile-time known lengths\")).\nThis, together with possibly other configurations, cause the following\nIR to be generated:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section \".init.text\" align 16 !kcfi_type !29 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 14: ; preds = %11\n %15 = getelementptr inbounds i8, ptr %1, i64 63\n %16 = load i8, ptr %15, align 1\n %17 = tail call i1 @llvm.is.constant.i8(i8 %16)\n %18 = icmp eq i8 %16, 0\n %19 = select i1 %17, i1 %18, i1 false\n br i1 %19, label %20, label %23\n\n 20: ; preds = %14\n %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23\n ...\n\n 23: ; preds = %14, %11, %20\n %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24\n ...\n }\n\nThe above code calculates the address of the last char in the buffer\n(value %15) and then loads from it (value %16). Because the buffer is\nnever initialized, the LLVM GVN pass marks value %16 as undefined:\n\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n br i1 undef, label %14, label %17\n\nThis gives later passes (SCCP, in particular) more DCE opportunities by\npropagating the undef value further, and eventually removes everything\nafter the load on the uninitialized stack location:\n\n define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section \".init.text\" align 16 !kcfi_type !11 {\n %1 = alloca [64 x i8], align 16\n ...\n\n 12: ; preds = %11\n %13 = getelementptr inbounds i8, ptr %1, i64 63\n unreachable\n }\n\nIn this way, the generated native code will just fall through to the\nnext function, as LLVM does not generate any code for the unreachable IR\ninstruction and leaves the function without a terminator.\n\nZero the on-stack buffer to avoid this possible UB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53680",
"url": "https://www.suse.com/security/cve/CVE-2024-53680"
},
{
"category": "external",
"summary": "SUSE Bug 1235715 for CVE-2024-53680",
"url": "https://bugzilla.suse.com/1235715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n| cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54683",
"url": "https://www.suse.com/security/cve/CVE-2024-54683"
},
{
"category": "external",
"summary": "SUSE Bug 1235729 for CVE-2024-54683",
"url": "https://bugzilla.suse.com/1235729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-56539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv-\u003essid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in-\u003essid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv-\u003essid,\n user_scan_in-\u003essid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn\u0027t account for the size of the one-element\narray, so it doesn\u0027t need to be changed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56539",
"url": "https://www.suse.com/security/cve/CVE-2024-56539"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1234963 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234963"
},
{
"category": "external",
"summary": "SUSE Bug 1234964 for CVE-2024-56539",
"url": "https://bugzilla.suse.com/1234964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56539"
},
{
"cve": "CVE-2024-56548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \u003cTASK\u003e\n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? __pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56548",
"url": "https://www.suse.com/security/cve/CVE-2024-56548"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235073 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235073"
},
{
"category": "external",
"summary": "SUSE Bug 1235074 for CVE-2024-56548",
"url": "https://bugzilla.suse.com/1235074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56548"
},
{
"cve": "CVE-2024-56579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56579",
"url": "https://www.suse.com/security/cve/CVE-2024-56579"
},
{
"category": "external",
"summary": "SUSE Bug 1236575 for CVE-2024-56579",
"url": "https://bugzilla.suse.com/1236575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab\u0027s lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock\u0027s type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn\u0027t support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn\u0027t have the problem, so kept\nit as\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56592",
"url": "https://www.suse.com/security/cve/CVE-2024-56592"
},
{
"category": "external",
"summary": "SUSE Bug 1235244 for CVE-2024-56592",
"url": "https://bugzilla.suse.com/1235244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56592"
},
{
"cve": "CVE-2024-56605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56605",
"url": "https://www.suse.com/security/cve/CVE-2024-56605"
},
{
"category": "external",
"summary": "SUSE Bug 1234853 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1234853"
},
{
"category": "external",
"summary": "SUSE Bug 1235061 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235061"
},
{
"category": "external",
"summary": "SUSE Bug 1235062 for CVE-2024-56605",
"url": "https://bugzilla.suse.com/1235062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56605"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56638",
"url": "https://www.suse.com/security/cve/CVE-2024-56638"
},
{
"category": "external",
"summary": "SUSE Bug 1235524 for CVE-2024-56638",
"url": "https://bugzilla.suse.com/1235524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56640",
"url": "https://www.suse.com/security/cve/CVE-2024-56640"
},
{
"category": "external",
"summary": "SUSE Bug 1235436 for CVE-2024-56640",
"url": "https://bugzilla.suse.com/1235436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56647",
"url": "https://www.suse.com/security/cve/CVE-2024-56647"
},
{
"category": "external",
"summary": "SUSE Bug 1235435 for CVE-2024-56647",
"url": "https://bugzilla.suse.com/1235435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final \u0027struct net\u0027 free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net-\u003exfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst-\u003eops-\u003edestroy)\n dst-\u003eops-\u003edestroy(dst);\n\ndst-\u003eops points to the old net-\u003exfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the \u0027struct net\u0027 to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 \u003cfa\u003e c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \u003c/TASK\u003e\nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56658",
"url": "https://www.suse.com/security/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "SUSE Bug 1235441 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235441"
},
{
"category": "external",
"summary": "SUSE Bug 1235442 for CVE-2024-56658",
"url": "https://bugzilla.suse.com/1235442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-56658"
},
{
"cve": "CVE-2024-56702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier\u0027s knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don\u0027t do this when ref_obj_id \u003e 0, as in\nthat case this is an acquired object and doesn\u0027t need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon\u0027t regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56702",
"url": "https://www.suse.com/security/cve/CVE-2024-56702"
},
{
"category": "external",
"summary": "SUSE Bug 1235501 for CVE-2024-56702",
"url": "https://bugzilla.suse.com/1235501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core\u2014indicated by their \u0027next\u0027 and\n\u0027previous\u0027 elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56703",
"url": "https://www.suse.com/security/cve/CVE-2024-56703"
},
{
"category": "external",
"summary": "SUSE Bug 1235455 for CVE-2024-56703",
"url": "https://bugzilla.suse.com/1235455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56718",
"url": "https://www.suse.com/security/cve/CVE-2024-56718"
},
{
"category": "external",
"summary": "SUSE Bug 1235589 for CVE-2024-56718",
"url": "https://bugzilla.suse.com/1235589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]\u0027s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56719",
"url": "https://www.suse.com/security/cve/CVE-2024-56719"
},
{
"category": "external",
"summary": "SUSE Bug 1235591 for CVE-2024-56719",
"url": "https://bugzilla.suse.com/1235591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56720"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg-\u003esg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56720",
"url": "https://www.suse.com/security/cve/CVE-2024-56720"
},
{
"category": "external",
"summary": "SUSE Bug 1235592 for CVE-2024-56720",
"url": "https://bugzilla.suse.com/1235592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: release nexthop on device removal\n\nThe CI is hitting some aperiodic hangup at device removal time in the\npmtu.sh self-test:\n\nunregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6\nref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at\n\tdst_init+0x84/0x4a0\n\tdst_alloc+0x97/0x150\n\tip6_dst_alloc+0x23/0x90\n\tip6_rt_pcpu_alloc+0x1e6/0x520\n\tip6_pol_route+0x56f/0x840\n\tfib6_rule_lookup+0x334/0x630\n\tip6_route_output_flags+0x259/0x480\n\tip6_dst_lookup_tail.constprop.0+0x5c2/0x940\n\tip6_dst_lookup_flow+0x88/0x190\n\tudp_tunnel6_dst_lookup+0x2a7/0x4c0\n\tvxlan_xmit_one+0xbde/0x4a50 [vxlan]\n\tvxlan_xmit+0x9ad/0xf20 [vxlan]\n\tdev_hard_start_xmit+0x10e/0x360\n\t__dev_queue_xmit+0xf95/0x18c0\n\tarp_solicit+0x4a2/0xe00\n\tneigh_probe+0xaa/0xf0\n\nWhile the first suspect is the dst_cache, explicitly tracking the dst\nowing the last device reference via probes proved such dst is held by\nthe nexthop in the originating fib6_info.\n\nSimilar to commit f5b51fe804ec (\"ipv6: route: purge exception on\nremoval\"), we need to explicitly release the originating fib info when\ndisconnecting a to-be-removed device from a live ipv6 dst: move the\nfib6_info cleanup into ip6_dst_ifdown().\n\nTested running:\n\n./pmtu.sh cleanup_ipv6_exception\n\nin a tight loop for more than 400 iterations with no spat, running an\nunpatched kernel I observed a splat every ~10 iterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56751",
"url": "https://www.suse.com/security/cve/CVE-2024-56751"
},
{
"category": "external",
"summary": "SUSE Bug 1234936 for CVE-2024-56751",
"url": "https://bugzilla.suse.com/1234936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56758",
"url": "https://www.suse.com/security/cve/CVE-2024-56758"
},
{
"category": "external",
"summary": "SUSE Bug 1235621 for CVE-2024-56758",
"url": "https://bugzilla.suse.com/1235621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56770"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: netem: account for backlog updates from child qdisc\n\nIn general, \u0027qlen\u0027 of any classful qdisc should keep track of the\nnumber of packets that the qdisc itself and all of its children holds.\nIn case of netem, \u0027qlen\u0027 only accounts for the packets in its internal\ntfifo. When netem is used with a child qdisc, the child qdisc can use\n\u0027qdisc_tree_reduce_backlog\u0027 to inform its parent, netem, about created\nor dropped SKBs. This function updates \u0027qlen\u0027 and the backlog statistics\nof netem, but netem does not account for changes made by a child qdisc.\n\u0027qlen\u0027 then indicates the wrong number of packets in the tfifo.\nIf a child qdisc creates new SKBs during enqueue and informs its parent\nabout this, netem\u0027s \u0027qlen\u0027 value is increased. When netem dequeues the\nnewly created SKBs from the child, the \u0027qlen\u0027 in netem is not updated.\nIf \u0027qlen\u0027 reaches the configured sch-\u003elimit, the enqueue function stops\nworking, even though the tfifo is not full.\n\nReproduce the bug:\nEnsure that the sender machine has GSO enabled. Configure netem as root\nqdisc and tbf as its child on the outgoing interface of the machine\nas follows:\n$ tc qdisc add dev \u003coif\u003e root handle 1: netem delay 100ms limit 100\n$ tc qdisc add dev \u003coif\u003e parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms\n\nSend bulk TCP traffic out via this interface, e.g., by running an iPerf3\nclient on the machine. Check the qdisc statistics:\n$ tc -s qdisc show dev \u003coif\u003e\n\nStatistics after 10s of iPerf3 TCP test before the fix (note that\nnetem\u0027s backlog \u003e limit, netem stopped accepting packets):\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0)\n backlog 4294528236b 1155p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0)\n backlog 0b 0p requeues 0\n\nStatistics after the fix:\nqdisc netem 1: root refcnt 2 limit 1000 delay 100ms\n Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0)\n backlog 0b 0p requeues 0\nqdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms\n Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0)\n backlog 0b 0p requeues 0\n\ntbf segments the GSO SKBs (tbf_segment) and updates the netem\u0027s \u0027qlen\u0027.\nThe interface fully stops transferring packets and \"locks\". In this case,\nthe child qdisc and tfifo are empty, but \u0027qlen\u0027 indicates the tfifo is at\nits limit and no more packets are accepted.\n\nThis patch adds a counter for the entries in the tfifo. Netem\u0027s \u0027qlen\u0027 is\nonly decreased when a packet is returned by its dequeue function, and not\nduring enqueuing into the child qdisc. External updates to \u0027qlen\u0027 are thus\naccounted for and only the behavior of the backlog statistics changes. As\nin other qdiscs, \u0027qlen\u0027 then keeps track of how many packets are held in\nnetem and all of its children. As before, sch-\u003elimit remains as the\nmaximum number of packets in the tfifo. The same applies to netem\u0027s\nbacklog statistics.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56770",
"url": "https://www.suse.com/security/cve/CVE-2024-56770"
},
{
"category": "external",
"summary": "SUSE Bug 1235637 for CVE-2024-56770",
"url": "https://bugzilla.suse.com/1235637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57807"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix for a potential deadlock\n\nThis fixes a \u0027possible circular locking dependency detected\u0027 warning\n CPU0 CPU1\n ---- ----\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n lock(\u0026instance-\u003ereset_mutex);\n lock(\u0026shost-\u003escan_mutex);\n\nFix this by temporarily releasing the reset_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57807",
"url": "https://www.suse.com/security/cve/CVE-2024-57807"
},
{
"category": "external",
"summary": "SUSE Bug 1235761 for CVE-2024-57807",
"url": "https://bugzilla.suse.com/1235761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57834"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread\n\nsyzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1]\n\nIf dvb-\u003emux is not initialized successfully by vidtv_mux_init() in the\nvidtv_start_streaming(), it will trigger null pointer dereference about mux\nin vidtv_mux_stop_thread().\n\nAdjust the timing of streaming initialization and check it before\nstopping it.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\nCPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:vidtv_mux_stop_thread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471\nCode: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8\nRSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125\nRDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128\nRBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188\nR13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710\nFS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline]\n vidtv_stop_feed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252\n dmx_section_feed_stop_filtering+0x90/0x160 drivers/media/dvb-core/dvb_demux.c:1000\n dvb_dmxdev_feed_stop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486\n dvb_dmxdev_filter_stop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559\n dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline]\n dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246\n __fput+0x3f8/0xb60 fs/file_table.c:450\n task_work_run+0x14e/0x250 kernel/task_work.c:239\n get_signal+0x1d3/0x2610 kernel/signal.c:2790\n arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337\n exit_to_user_mode_loop kernel/entry/common.c:111 [inline]\n exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]\n __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218\n do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57834",
"url": "https://www.suse.com/security/cve/CVE-2024-57834"
},
{
"category": "external",
"summary": "SUSE Bug 1238993 for CVE-2024-57834",
"url": "https://bugzilla.suse.com/1238993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix TCP options overflow.\n\nSyzbot reported the following splat:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nRIP: 0010:_compound_head include/linux/page-flags.h:242 [inline]\nRIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552\nCode: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 \u003c80\u003e 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83\nRSP: 0000:ffffc90003916c90 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac\nR10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007\nR13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_page_unref include/linux/skbuff_ref.h:43 [inline]\n __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]\n skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb+0x55/0x70 net/core/skbuff.c:1204\n tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline]\n tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032\n tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805\n tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939\n tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351\n ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314\n __netif_receive_skb_one_core net/core/dev.c:5672 [inline]\n __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785\n process_backlog+0x662/0x15b0 net/core/dev.c:6117\n __napi_poll+0xcb/0x490 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:7074\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\nRIP: 0033:0x7f34f4519ad5\nCode: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83\nRSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246\nRAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5\nRDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0\nRBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000\nR10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4\nR13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68\n \u003c/TASK\u003e\n\nEric noted a probable shinfo-\u003enr_frags corruption, which indeed\noccurs.\n\nThe root cause is a buggy MPTCP option len computation in some\ncircumstances: the ADD_ADDR option should be mutually exclusive\nwith DSS since the blamed commit.\n\nStill, mptcp_established_options_add_addr() tries to set the\nrelevant info in mptcp_out_options, if \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57882",
"url": "https://www.suse.com/security/cve/CVE-2024-57882"
},
{
"category": "external",
"summary": "SUSE Bug 1235914 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235914"
},
{
"category": "external",
"summary": "SUSE Bug 1235916 for CVE-2024-57882",
"url": "https://bugzilla.suse.com/1235916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57882"
},
{
"cve": "CVE-2024-57889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n BUG: sleeping function called from invalid context\n at kernel/locking/mutex.c:283\n in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n preempt_count: 1, expected: 0\n ...\n Call Trace:\n ...\n __might_resched+0x104/0x10e\n __might_sleep+0x3e/0x62\n mutex_lock+0x20/0x4c\n regmap_lock_mutex+0x10/0x18\n regmap_update_bits_base+0x2c/0x66\n mcp23s08_irq_set_type+0x1ae/0x1d6\n __irq_set_trigger+0x56/0x172\n __setup_irq+0x1e6/0x646\n request_threaded_irq+0xb6/0x160\n ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57889",
"url": "https://www.suse.com/security/cve/CVE-2024-57889"
},
{
"category": "external",
"summary": "SUSE Bug 1236573 for CVE-2024-57889",
"url": "https://bugzilla.suse.com/1236573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: serialize calls to nf_register_net_hooks()\n\nsyzbot found a race in ila_add_mapping() [1]\n\ncommit 031ae72825ce (\"ila: call nf_unregister_net_hooks() sooner\")\nattempted to fix a similar issue.\n\nLooking at the syzbot repro, we have concurrent ILA_CMD_ADD commands.\n\nAdd a mutex to make sure at most one thread is calling nf_register_net_hooks().\n\n[1]\n BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\nRead of size 4 at addr ffff888028f40008 by task dhcpcd/5501\n\nCPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626\n nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269\n NF_HOOK include/linux/netfilter.h:312 [inline]\n ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309\n __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672\n __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785\n process_backlog+0x443/0x15f0 net/core/dev.c:6117\n __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883\n napi_poll net/core/dev.c:6952 [inline]\n net_rx_action+0xa94/0x1010 net/core/dev.c:7074\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57900",
"url": "https://www.suse.com/security/cve/CVE-2024-57900"
},
{
"category": "external",
"summary": "SUSE Bug 1235973 for CVE-2024-57900",
"url": "https://bugzilla.suse.com/1235973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_set_pipapo: fix initial map fill\n\nThe initial buffer has to be inited to all-ones, but it must restrict\nit to the size of the first field, not the total field size.\n\nAfter each round in the map search step, the result and the fill map\nare swapped, so if we have a set where f-\u003ebsize of the first element\nis smaller than m-\u003ebsize_max, those one-bits are leaked into future\nrounds result map.\n\nThis makes pipapo find an incorrect matching results for sets where\nfirst field size is not the largest.\n\nFollowup patch adds a test case to nft_concat_range.sh selftest script.\n\nThanks to Stefano Brivio for pointing out that we need to zero out\nthe remainder explicitly, only correcting memset() argument isn\u0027t enough.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57947",
"url": "https://www.suse.com/security/cve/CVE-2024-57947"
},
{
"category": "external",
"summary": "SUSE Bug 1236333 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1236333"
},
{
"category": "external",
"summary": "SUSE Bug 1245799 for CVE-2024-57947",
"url": "https://bugzilla.suse.com/1245799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: check local interfaces before deleting sdata list\n\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\n\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\nhardware device from the system.\n\nCPU0\t\t\t\t\tCPU1\n====\t\t\t\t\t====\ngenl_family_rcv_msg_doit\t\tieee802154_unregister_hw\nieee802154_del_iface\t\t\tieee802154_remove_interfaces\nrdev_del_virtual_intf_deprecated\tlist_del(\u0026sdata-\u003elist)\nieee802154_if_remove\nlist_del_rcu\n\nThe net device has been unregistered, since the rcu grace period,\nunregistration must be run before ieee802154_if_remove.\n\nTo avoid this issue, add a check for local-\u003einterfaces before deleting\nsdata list.\n\n[1]\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nRIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56\nCode: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 \u003c0f\u003e 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7\nRSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246\nRAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00\nRDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\nRBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d\nR10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000\nR13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0\nFS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:124 [inline]\n __list_del_entry include/linux/list.h:215 [inline]\n list_del_rcu include/linux/rculist.h:157 [inline]\n ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687\n rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]\n ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901\n sock_sendmsg_nosec net/socket.c:729 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:744\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607\n ___sys_sendmsg net/socket.c:2661 [inline]\n __sys_sendmsg+0x292/0x380 net/socket.c:2690\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57948",
"url": "https://www.suse.com/security/cve/CVE-2024-57948"
},
{
"category": "external",
"summary": "SUSE Bug 1236677 for CVE-2024-57948",
"url": "https://bugzilla.suse.com/1236677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrdma/cxgb4: Prevent potential integer overflow on 32bit\n\nThe \"gl-\u003etot_len\" variable is controlled by the user. It comes from\nprocess_responses(). On 32bit systems, the \"gl-\u003etot_len + sizeof(struct\ncpl_pass_accept_req) + sizeof(struct rss_header)\" addition could have an\ninteger wrapping bug. Use size_add() to prevent this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57973",
"url": "https://www.suse.com/security/cve/CVE-2024-57973"
},
{
"category": "external",
"summary": "SUSE Bug 1238531 for CVE-2024-57973",
"url": "https://bugzilla.suse.com/1238531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it\u0027s receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn\u0027t however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit\u0027s pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. _xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server\u0027s socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n while :; do\n \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.1 || sleep 1\n \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n \twait\n done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n 2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman\u0027s tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer\u0027s network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM \u0027.[] | .addr_info[0] | select(.scope == \"global\").local\u0027)\"\n\n while :; do\n \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n \tsleep 0.2 || sleep 1\n \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n \twait\n \tcmp tmp.in tmp.out\n done\n\nOnce this fails:\n\n tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what\u0027s going on:\n\n $ tshark -r pasta.pcap\n 1 0.000000 :: ? ff02::16 ICMPv6 110 Multicast Listener Report Message v2\n 2 0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 3 0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 4 0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 5 0.168827 c6:47:05:8d:dc:04 ? Broadcast ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n 6 0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n 7 0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 8 0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n 9 0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 10 0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n 11 0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n 12 0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57974",
"url": "https://www.suse.com/security/cve/CVE-2024-57974"
},
{
"category": "external",
"summary": "SUSE Bug 1238532 for CVE-2024-57974",
"url": "https://bugzilla.suse.com/1238532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Fix potential error pointer dereference in detach_pm()\n\nThe proble is on the first line:\n\n\tif (jpeg-\u003epd_dev[i] \u0026\u0026 !pm_runtime_suspended(jpeg-\u003epd_dev[i]))\n\nIf jpeg-\u003epd_dev[i] is an error pointer, then passing it to\npm_runtime_suspended() will lead to an Oops. The other conditions\ncheck for both error pointers and NULL, but it would be more clear to\nuse the IS_ERR_OR_NULL() check for that.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57978",
"url": "https://www.suse.com/security/cve/CVE-2024-57978"
},
{
"category": "external",
"summary": "SUSE Bug 1238523 for CVE-2024-57978",
"url": "https://bugzilla.suse.com/1238523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: Fix a use-after-free\n\nOn a board running ntpd and gpsd, I\u0027m seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\n\n pps pps1: removed\n ------------[ cut here ]------------\n kobject: \u0027(null)\u0027 (00000000db4bec24): is not initialized, yet kobject_put() is being called.\n WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\n CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\n Hardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : kobject_put+0x120/0x150\n lr : kobject_put+0x120/0x150\n sp : ffffffc0803d3ae0\n x29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\n x26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\n x23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\n x20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\n x14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n kobject_put+0x120/0x150\n cdev_put+0x20/0x3c\n __fput+0x2c4/0x2d8\n ____fput+0x1c/0x38\n task_work_run+0x70/0xfc\n do_exit+0x2a0/0x924\n do_group_exit+0x34/0x90\n get_signal+0x7fc/0x8c0\n do_signal+0x128/0x13b4\n do_notify_resume+0xdc/0x160\n el0_svc+0xd4/0xf8\n el0t_64_sync_handler+0x140/0x14c\n el0t_64_sync+0x190/0x194\n ---[ end trace 0000000000000000 ]---\n\n...followed by more symptoms of corruption, with similar stacks:\n\n refcount_t: underflow; use-after-free.\n kernel BUG at lib/list_debug.c:62!\n Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can\u0027t explain why it suddenly started happening every time\nI reboot this particular board.\n\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I\u0027ve\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\n\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps-\u003edev refcount can\u0027t reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps-\u003edev.\n\n pps_core: source serial1 got cdev (251:1)\n \u003c...\u003e\n pps pps1: removed\n pps_core: unregistering pps1\n pps_core: deallocating pps1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57979",
"url": "https://www.suse.com/security/cve/CVE-2024-57979"
},
{
"category": "external",
"summary": "SUSE Bug 1238521 for CVE-2024-57979",
"url": "https://bugzilla.suse.com/1238521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57980"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57980",
"url": "https://www.suse.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "SUSE Bug 1237911 for CVE-2024-57980",
"url": "https://bugzilla.suse.com/1237911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix NULL pointer dereference on certain command aborts\n\nIf a command is queued to the final usable TRB of a ring segment, the\nenqueue pointer is advanced to the subsequent link TRB and no further.\nIf the command is later aborted, when the abort completion is handled\nthe dequeue pointer is advanced to the first TRB of the next segment.\n\nIf no further commands are queued, xhci_handle_stopped_cmd_ring() sees\nthe ring pointers unequal and assumes that there is a pending command,\nso it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.\n\nDon\u0027t attempt timer setup if cur_cmd is NULL. The subsequent doorbell\nring likely is unnecessary too, but it\u0027s harmless. Leave it alone.\n\nThis is probably Bug 219532, but no confirmation has been received.\n\nThe issue has been independently reproduced and confirmed fixed using\na USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.\nEverything continued working normally after several prevented crashes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57981",
"url": "https://www.suse.com/security/cve/CVE-2024-57981"
},
{
"category": "external",
"summary": "SUSE Bug 1237912 for CVE-2024-57981",
"url": "https://bugzilla.suse.com/1237912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Fix assumption that Resolution Multipliers must be in Logical Collections\n\nA report in 2019 by the syzbot fuzzer was found to be connected to two\nerrors in the HID core associated with Resolution Multipliers. One of\nthe errors was fixed by commit ea427a222d8b (\"HID: core: Fix deadloop\nin hid_apply_multiplier.\"), but the other has not been fixed.\n\nThis error arises because hid_apply_multipler() assumes that every\nResolution Multiplier control is contained in a Logical Collection,\ni.e., there\u0027s no way the routine can ever set multiplier_collection to\nNULL. This is in spite of the fact that the function starts with a\nbig comment saying:\n\n\t * \"The Resolution Multiplier control must be contained in the same\n\t * Logical Collection as the control(s) to which it is to be applied.\n\t ...\n\t * If no Logical Collection is\n\t * defined, the Resolution Multiplier is associated with all\n\t * controls in the report.\"\n\t * HID Usage Table, v1.12, Section 4.3.1, p30\n\t *\n\t * Thus, search from the current collection upwards until we find a\n\t * logical collection...\n\nThe comment and the code overlook the possibility that none of the\ncollections found may be a Logical Collection.\n\nThe fix is to set the multiplier_collection pointer to NULL if the\ncollection found isn\u0027t a Logical Collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57986",
"url": "https://www.suse.com/security/cve/CVE-2024-57986"
},
{
"category": "external",
"summary": "SUSE Bug 1237907 for CVE-2024-57986",
"url": "https://bugzilla.suse.com/1237907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57990"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: fix off by one in mt7925_load_clc()\n\nThis comparison should be \u003e= instead of \u003e to prevent an out of bounds\nread and write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57990",
"url": "https://www.suse.com/security/cve/CVE-2024-57990"
},
{
"category": "external",
"summary": "SUSE Bug 1237900 for CVE-2024-57990",
"url": "https://bugzilla.suse.com/1237900"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57993",
"url": "https://www.suse.com/security/cve/CVE-2024-57993"
},
{
"category": "external",
"summary": "SUSE Bug 1237894 for CVE-2024-57993",
"url": "https://bugzilla.suse.com/1237894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()\n\nJakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()\nto increase test coverage.\n\nsyzbot found a splat caused by hard irq blocking in\nptr_ring_resize_multiple() [1]\n\nAs current users of ptr_ring_resize_multiple() do not require\nhard irqs being masked, replace it to only block BH.\n\nRename helpers to better reflect they are safe against BH only.\n\n- ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()\n- skb_array_resize_multiple() to skb_array_resize_multiple_bh()\n\n[1]\n\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]\nWARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nModules linked in:\nCPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]\nRIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780\nCode: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 \u003c0f\u003e 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85\nRSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083\nRAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000\nRDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843\nRBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d\nR10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040\nR13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff\nFS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tun_ptr_free drivers/net/tun.c:617 [inline]\n __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]\n ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]\n tun_queue_resize drivers/net/tun.c:3694 [inline]\n tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]\n call_netdevice_notifiers net/core/dev.c:2046 [inline]\n dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024\n do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923\n rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201\n rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57994",
"url": "https://www.suse.com/security/cve/CVE-2024-57994"
},
{
"category": "external",
"summary": "SUSE Bug 1237901 for CVE-2024-57994",
"url": "https://bugzilla.suse.com/1237901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don\u0027t allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q-\u003etail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57996",
"url": "https://www.suse.com/security/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "SUSE Bug 1239076 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239076"
},
{
"category": "external",
"summary": "SUSE Bug 1239077 for CVE-2024-57996",
"url": "https://bugzilla.suse.com/1239077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wcn36xx: fix channel survey memory allocation size\n\nKASAN reported a memory allocation issue in wcn-\u003echan_survey\ndue to incorrect size calculation.\nThis commit uses kcalloc to allocate memory for wcn-\u003echan_survey,\nensuring proper initialization and preventing the use of uninitialized\nvalues when there are no frames on the channel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57997",
"url": "https://www.suse.com/security/cve/CVE-2024-57997"
},
{
"category": "external",
"summary": "SUSE Bug 1238529 for CVE-2024-57997",
"url": "https://bugzilla.suse.com/1238529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-57999"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn\u0027t map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default)\nMSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 24228448 XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n address). MMIO address needs to be page shifted as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-57999",
"url": "https://www.suse.com/security/cve/CVE-2024-57999"
},
{
"category": "external",
"summary": "SUSE Bug 1238526 for CVE-2024-57999",
"url": "https://bugzilla.suse.com/1238526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58002"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Remove dangling pointers\n\nWhen an async control is written, we copy a pointer to the file handle\nthat started the operation. That pointer will be used when the device is\ndone. Which could be anytime in the future.\n\nIf the user closes that file descriptor, its structure will be freed,\nand there will be one dangling pointer per pending async control, that\nthe driver will try to use.\n\nClean all the dangling pointers during release().\n\nTo avoid adding a performance penalty in the most common case (no async\noperation), a counter has been introduced with some logic to make sure\nthat it is properly handled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58002",
"url": "https://www.suse.com/security/cve/CVE-2024-58002"
},
{
"category": "external",
"summary": "SUSE Bug 1238503 for CVE-2024-58002",
"url": "https://bugzilla.suse.com/1238503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Change to kvalloc() in eventlog/acpi.c\n\nThe following failure was reported on HPE ProLiant D320:\n\n[ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0)\n[ 10.848132][ T1] ------------[ cut here ]------------\n[ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330\n[ 10.862827][ T1] Modules linked in:\n[ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155.2.g52785e2-default #1 openSUSE Tumbleweed (unreleased) 588cd98293a7c9eba9013378d807364c088c9375\n[ 10.882741][ T1] Hardware name: HPE ProLiant DL320 Gen12/ProLiant DL320 Gen12, BIOS 1.20 10/28/2024\n[ 10.892170][ T1] RIP: 0010:__alloc_pages_noprof+0x2ca/0x330\n[ 10.898103][ T1] Code: 24 08 e9 4a fe ff ff e8 34 36 fa ff e9 88 fe ff ff 83 fe 0a 0f 86 b3 fd ff ff 80 3d 01 e7 ce 01 00 75 09 c6 05 f8 e6 ce 01 01 \u003c0f\u003e 0b 45 31 ff e9 e5 fe ff ff f7 c2 00 00 08 00 75 42 89 d9 80 e1\n[ 10.917750][ T1] RSP: 0000:ffffb7cf40077980 EFLAGS: 00010246\n[ 10.923777][ T1] RAX: 0000000000000000 RBX: 0000000000040cc0 RCX: 0000000000000000\n[ 10.931727][ T1] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000000000040cc0\n\nThe above transcript shows that ACPI pointed a 16 MiB buffer for the log\nevents because RSI maps to the \u0027order\u0027 parameter of __alloc_pages_noprof().\nAddress the bug by moving from devm_kmalloc() to devm_add_action() and\nkvmalloc() and devm_add_action().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58005",
"url": "https://www.suse.com/security/cve/CVE-2024-58005"
},
{
"category": "external",
"summary": "SUSE Bug 1237873 for CVE-2024-58005",
"url": "https://bugzilla.suse.com/1237873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()\n\nIn commit 4284c88fff0e (\"PCI: designware-ep: Allow pci_epc_set_bar() update\ninbound map address\") set_bar() was modified to support dynamically\nchanging the backing physical address of a BAR that was already configured.\n\nThis means that set_bar() can be called twice, without ever calling\nclear_bar() (as calling clear_bar() would clear the BAR\u0027s PCI address\nassigned by the host).\n\nThis can only be done if the new BAR size/flags does not differ from the\nexisting BAR configuration. Add these missing checks.\n\nIf we allow set_bar() to set e.g. a new BAR size that differs from the\nexisting BAR size, the new address translation range will be smaller than\nthe BAR size already determined by the host, which would mean that a read\npast the new BAR size would pass the iATU untranslated, which could allow\nthe host to read memory not belonging to the new struct pci_epf_bar.\n\nWhile at it, add comments which clarifies the support for dynamically\nchanging the physical address of a BAR. (Which was also missing.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58006",
"url": "https://www.suse.com/security/cve/CVE-2024-58006"
},
{
"category": "external",
"summary": "SUSE Bug 1238772 for CVE-2024-58006",
"url": "https://bugzilla.suse.com/1238772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: socinfo: Avoid out of bounds read of serial number\n\nOn MSM8916 devices, the serial number exposed in sysfs is constant and does\nnot change across individual devices. It\u0027s always:\n\n db410c:/sys/devices/soc0$ cat serial_number\n 2644893864\n\nThe firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not\nhave support for the serial_num field in the socinfo struct. There is an\nexisting check to avoid exposing the serial number in that case, but it\u0027s\nnot correct: When checking the item_size returned by SMEM, we need to make\nsure the *end* of the serial_num is within bounds, instead of comparing\nwith the *start* offset. The serial_number currently exposed on MSM8916\ndevices is just an out of bounds read of whatever comes after the socinfo\nstruct in SMEM.\n\nFix this by changing offsetof() to offsetofend(), so that the size of the\nfield is also taken into account.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58007",
"url": "https://www.suse.com/security/cve/CVE-2024-58007"
},
{
"category": "external",
"summary": "SUSE Bug 1238511 for CVE-2024-58007",
"url": "https://bugzilla.suse.com/1238511"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc\n\nA NULL sock pointer is passed into l2cap_sock_alloc() when it is called\nfrom l2cap_sock_new_connection_cb() and the error handling paths should\nalso be aware of it.\n\nSeemingly a more elegant solution would be to swap bt_sock_alloc() and\nl2cap_chan_create() calls since they are not interdependent to that moment\nbut then l2cap_chan_create() adds the soon to be deallocated and still\ndummy-initialized channel to the global list accessible by many L2CAP\npaths. The channel would be removed from the list in short period of time\nbut be a bit more straight-forward here and just check for NULL instead of\nchanging the order of function calls.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58009",
"url": "https://www.suse.com/security/cve/CVE-2024-58009"
},
{
"category": "external",
"summary": "SUSE Bug 1238760 for CVE-2024-58009",
"url": "https://bugzilla.suse.com/1238760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58011",
"url": "https://www.suse.com/security/cve/CVE-2024-58011"
},
{
"category": "external",
"summary": "SUSE Bug 1239080 for CVE-2024-58011",
"url": "https://bugzilla.suse.com/1239080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58012",
"url": "https://www.suse.com/security/cve/CVE-2024-58012"
},
{
"category": "external",
"summary": "SUSE Bug 1239104 for CVE-2024-58012",
"url": "https://bugzilla.suse.com/1239104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58013",
"url": "https://www.suse.com/security/cve/CVE-2024-58013"
},
{
"category": "external",
"summary": "SUSE Bug 1239095 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239095"
},
{
"category": "external",
"summary": "SUSE Bug 1239096 for CVE-2024-58013",
"url": "https://bugzilla.suse.com/1239096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()\n\nIn \u0027wlc_phy_iqcal_gainparams_nphy()\u0027, add gain range check to WARN()\ninstead of possible out-of-bounds \u0027tbl_iqcal_gainparams_nphy\u0027 access.\nCompile tested only.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58014",
"url": "https://www.suse.com/security/cve/CVE-2024-58014"
},
{
"category": "external",
"summary": "SUSE Bug 1239109 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239109"
},
{
"category": "external",
"summary": "SUSE Bug 1239110 for CVE-2024-58014",
"url": "https://bugzilla.suse.com/1239110"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nprintk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX\n\nShifting 1 \u003c\u003c 31 on a 32-bit int causes signed integer overflow, which\nleads to undefined behavior. To prevent this, cast 1 to u32 before\nperforming the shift, ensuring well-defined behavior.\n\nThis change explicitly avoids any potential overflow by ensuring that\nthe shift occurs on an unsigned 32-bit integer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58017",
"url": "https://www.suse.com/security/cve/CVE-2024-58017"
},
{
"category": "external",
"summary": "SUSE Bug 1239112 for CVE-2024-58017",
"url": "https://bugzilla.suse.com/1239112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[ 549.209389] ------------[ cut here ]------------\n[ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1\n[ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[ 549.427963] PKRU: 55555554\n[ 549.430672] Call Trace:\n[ 549.433126] \u003cTASK\u003e\n[ 549.435233] ? __warn+0x7f/0x130\n[ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.443426] ? report_bug+0x18a/0x1a0\n[ 549.447098] ? handle_bug+0x3c/0x70\n[ 549.450589] ? exc_invalid_op+0x14/0x70\n[ 549.454430] ? asm_exc_invalid_op+0x16/0x20\n[ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm]\n[ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[ 549.498338] local_pci_probe+0x46/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58018",
"url": "https://www.suse.com/security/cve/CVE-2024-58018"
},
{
"category": "external",
"summary": "SUSE Bug 1238990 for CVE-2024-58018",
"url": "https://bugzilla.suse.com/1238990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58018"
},
{
"cve": "CVE-2024-58019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@.......\n[ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................\n[ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................\n[ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................\n[ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 547.669485] #PF: supervisor read access in kernel mode\n[ 547.674624] #PF: error_code(0x0000) - not-present page\n[ 547.679755] PGD 0 P4D 0\n[ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1\n[ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm]\n[ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[ 547.793896] PKRU: 55555554\n[ 547.796600] Call Trace:\n[ 547.799046] \u003cTASK\u003e\n[ 547.801152] ? __die+0x20/0x70\n[ 547.804211] ? page_fault_oops+0x75/0x170\n[ 547.808221] ? print_hex_dump+0x100/0x160\n[ 547.812226] ? exc_page_fault+0x64/0x150\n[ 547.816152] ? asm_exc_page_fault+0x22/0x30\n[ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[ 547.829845] process_one_work+0x196/0x3d0\n[ 547.833861] worker_thread+0x2fc/0x410\n[ 547.837613] ? __pfx_worker_thread+0x10/0x10\n[ 547.841885] kthread+0xdf/0x110\n[ 547.845031] ? __pfx_kthread+0x10/0x10\n[ 547.848775] ret_from_fork+0x30/0x50\n[ 547.852354] ? __pfx_kthread+0x10/0x10\n[ 547.856097] ret_from_fork_asm+0x1a/0x30\n[ 547.860019] \u003c/TASK\u003e\n[ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58019",
"url": "https://www.suse.com/security/cve/CVE-2024-58019"
},
{
"category": "external",
"summary": "SUSE Bug 1238997 for CVE-2024-58019",
"url": "https://bugzilla.suse.com/1238997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Add NULL check in mt_input_configured\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in mt_input_configured() is not checked.\nAdd NULL check in mt_input_configured(), to handle kernel NULL\npointer dereference error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58020",
"url": "https://www.suse.com/security/cve/CVE-2024-58020"
},
{
"category": "external",
"summary": "SUSE Bug 1239346 for CVE-2024-58020",
"url": "https://bugzilla.suse.com/1239346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()\n\nAs of_find_node_by_name() release the reference of the argument device\nnode, tegra_emc_find_node_by_ram_code() releases some device nodes while\nstill in use, resulting in possible UAFs. According to the bindings and\nthe in-tree DTS files, the \"emc-tables\" node is always device\u0027s child\nnode with the property \"nvidia,use-ram-code\", and the \"lpddr2\" node is a\nchild of the \"emc-tables\" node. Thus utilize the\nfor_each_child_of_node() macro and of_get_child_by_name() instead of\nof_find_node_by_name() to simplify the code.\n\nThis bug was found by an experimental verification tool that I am\ndeveloping.\n\n[krzysztof: applied v1, adjust the commit msg to incorporate v2 parts]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58034",
"url": "https://www.suse.com/security/cve/CVE-2024-58034"
},
{
"category": "external",
"summary": "SUSE Bug 1238773 for CVE-2024-58034",
"url": "https://bugzilla.suse.com/1238773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: Add check devm_kasprintf() returned value\n\ndevm_kasprintf() can return a NULL pointer on failure but this\nreturned value is not checked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58051",
"url": "https://www.suse.com/security/cve/CVE-2024-58051"
},
{
"category": "external",
"summary": "SUSE Bug 1238963 for CVE-2024-58051",
"url": "https://bugzilla.suse.com/1238963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table\n\nThe function atomctrl_get_smc_sclk_range_table() does not check the return\nvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to\nretrieve SMU_Info table, it returns NULL which is later dereferenced.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nIn practice this should never happen as this code only gets called\non polaris chips and the vbios data table will always be present on\nthose chips.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58052",
"url": "https://www.suse.com/security/cve/CVE-2024-58052"
},
{
"category": "external",
"summary": "SUSE Bug 1238986 for CVE-2024-58052",
"url": "https://bugzilla.suse.com/1238986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t Tainted: G C 6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58054",
"url": "https://www.suse.com/security/cve/CVE-2024-58054"
},
{
"category": "external",
"summary": "SUSE Bug 1238975 for CVE-2024-58054",
"url": "https://bugzilla.suse.com/1238975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58055"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Don\u0027t free command immediately\n\nDon\u0027t prematurely free the command. Wait for the status completion of\nthe sense status. It can be freed then. Otherwise we will double-free\nthe command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58055",
"url": "https://www.suse.com/security/cve/CVE-2024-58055"
},
{
"category": "external",
"summary": "SUSE Bug 1238959 for CVE-2024-58055",
"url": "https://bugzilla.suse.com/1238959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: core: Fix ida_free call while not allocated\n\nIn the rproc_alloc() function, on error, put_device(\u0026rproc-\u003edev) is\ncalled, leading to the call of the rproc_type_release() function.\nAn error can occurs before ida_alloc is called.\n\nIn such case in rproc_type_release(), the condition (rproc-\u003eindex \u003e= 0) is\ntrue as rproc-\u003eindex has been initialized to 0.\nida_free() is called reporting a warning:\n[ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164\n[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0\n[ 4.188854] ida_free called for id=0 which is not allocated.\n[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000\n[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)\n[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442\n[ 4.231481] Hardware name: STM32 (Device Tree Support)\n[ 4.236627] Workqueue: events_unbound deferred_probe_work_func\n[ 4.242504] Call trace:\n[ 4.242522] unwind_backtrace from show_stack+0x10/0x14\n[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64\n[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c\n[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188\n[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164\n[ 4.270565] ida_free from rproc_type_release+0x38/0x60\n[ 4.275832] rproc_type_release from device_release+0x30/0xa0\n[ 4.281601] device_release from kobject_put+0xc4/0x294\n[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c\n[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4\n[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]\n[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc\n\nCalling ida_alloc earlier in rproc_alloc ensures that the rproc-\u003eindex is\nproperly set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58056",
"url": "https://www.suse.com/security/cve/CVE-2024-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1238981 for CVE-2024-58056",
"url": "https://bugzilla.suse.com/1238981"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: convert workqueues to unbound\n\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\n\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n\n\n* I have also run a manual test to gauge the performance\n improvement. The test consists of an antagonist process\n (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\n process is run under `taskset 01` to bind it to CPU0, and its\n priority is changed with `chrt -pQ 9900 10000 ${pid}` and\n `renice -n -20 ${pid}` after start.\n\n Then, the IDPF driver is forced to prefer CPU0 by editing all calls\n to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\n\n Finally, `ktraces` for the workqueue events are collected.\n\n Without the current patch, the antagonist process can force\n arbitrary delays between `workqueue_queue_work` and\n `workqueue_execute_start`, that in my tests were as high as\n `30ms`. With the current patch applied, the workqueue can be\n migrated to another unloaded CPU in the same node, and, keeping\n everything else equal, the maximum delay I could see was `6us`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58057",
"url": "https://www.suse.com/security/cve/CVE-2024-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1238969 for CVE-2024-58057",
"url": "https://bugzilla.suse.com/1238969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: skip dumping tnc tree when zroot is null\n\nClearing slab cache will free all znode in memory and make\nc-\u003ezroot.znode = NULL, then dumping tnc tree will access\nc-\u003ezroot.znode which cause null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58058",
"url": "https://www.suse.com/security/cve/CVE-2024-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1238979 for CVE-2024-58058",
"url": "https://bugzilla.suse.com/1238979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: prohibit deactivating all links\n\nIn the internal API this calls this is a WARN_ON, but that\nshould remain since internally we want to know about bugs\nthat may cause this. Prevent deactivating all links in the\ndebugfs write directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58061",
"url": "https://www.suse.com/security/cve/CVE-2024-58061"
},
{
"category": "external",
"summary": "SUSE Bug 1238973 for CVE-2024-58061",
"url": "https://bugzilla.suse.com/1238973"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58063",
"url": "https://www.suse.com/security/cve/CVE-2024-58063"
},
{
"category": "external",
"summary": "SUSE Bug 1238984 for CVE-2024-58063",
"url": "https://bugzilla.suse.com/1238984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read\n\nThe nvmem interface supports variable buffer sizes, while the regmap\ninterface operates with fixed-size storage. If an nvmem client uses a\nbuffer size less than 4 bytes, regmap_read will write out of bounds\nas it expects the buffer to point at an unsigned int.\n\nFix this by using an intermediary unsigned int to hold the value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58069",
"url": "https://www.suse.com/security/cve/CVE-2024-58069"
},
{
"category": "external",
"summary": "SUSE Bug 1238978 for CVE-2024-58069",
"url": "https://bugzilla.suse.com/1238978"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: prevent adding a device which is already a team device lower\n\nPrevent adding a device which is already a team device lower,\ne.g. adding veth0 if vlan1 was already added and veth0 is a lower of\nvlan1.\n\nThis is not useful in practice and can lead to recursive locking:\n\n$ ip link add veth0 type veth peer name veth1\n$ ip link set veth0 up\n$ ip link set veth1 up\n$ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1\n$ ip link add team0 type team\n$ ip link set veth0.1 down\n$ ip link set veth0.1 master team0\nteam0: Port device veth0.1 added\n$ ip link set veth0 down\n$ ip link set veth0 master team0\n\n============================================\nWARNING: possible recursive locking detected\n6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted\n--------------------------------------------\nip/7684 is trying to acquire lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n\nbut task is already holding lock:\nffff888016848e00 (team-\u003eteam_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\n\nCPU0\n----\nlock(team-\u003eteam_lock_key);\nlock(team-\u003eteam_lock_key);\n\n*** DEADLOCK ***\n\nMay be due to missing lock nesting notation\n\n2 locks held by ip/7684:\n\nstack backtrace:\nCPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:122)\nprint_deadlock_bug.cold (kernel/locking/lockdep.c:3040)\n__lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)\n? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)\nlock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? lock_acquire (kernel/locking/lockdep.c:5822)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n__mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\n? fib_sync_up (net/ipv4/fib_semantics.c:2167)\n? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nteam_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\n__dev_notify_flags (net/core/dev.c:8993)\n? __dev_change_flags (net/core/dev.c:8975)\ndev_change_flags (net/core/dev.c:9027)\nvlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)\n? br_device_event (net/bridge/br.c:143)\nnotifier_call_chain (kernel/notifier.c:85)\ncall_netdevice_notifiers_info (net/core/dev.c:1996)\ndev_open (net/core/dev.c:1519 net/core/dev.c:1505)\nteam_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)\n? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)\ndo_set_master (net/core/rtnetlink.c:2917)\ndo_setlink.isra.0 (net/core/rtnetlink.c:3117)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58071",
"url": "https://www.suse.com/security/cve/CVE-2024-58071"
},
{
"category": "external",
"summary": "SUSE Bug 1238970 for CVE-2024-58071",
"url": "https://bugzilla.suse.com/1238970"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58071"
},
{
"cve": "CVE-2024-58072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58072",
"url": "https://www.suse.com/security/cve/CVE-2024-58072"
},
{
"category": "external",
"summary": "SUSE Bug 1238964 for CVE-2024-58072",
"url": "https://bugzilla.suse.com/1238964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-sm6350: Add missing parent_map for two clocks\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for two clocks where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58076",
"url": "https://www.suse.com/security/cve/CVE-2024-58076"
},
{
"category": "external",
"summary": "SUSE Bug 1239037 for CVE-2024-58076",
"url": "https://bugzilla.suse.com/1239037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors\n\nmisc_minor_alloc was allocating id using ida for minor only in case of\nMISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids\nusing ida_free causing a mismatch and following warn:\n\u003e \u003e WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f\n\u003e \u003e ida_free called for id=127 which is not allocated.\n\u003e \u003e \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\n...\n\u003e \u003e [\u003c60941eb4\u003e] ida_free+0x3e0/0x41f\n\u003e \u003e [\u003c605ac993\u003e] misc_minor_free+0x3e/0xbc\n\u003e \u003e [\u003c605acb82\u003e] misc_deregister+0x171/0x1b3\n\nmisc_minor_alloc is changed to allocate id from ida for all minors\nfalling in the range of dynamic/ misc dynamic minors",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58078",
"url": "https://www.suse.com/security/cve/CVE-2024-58078"
},
{
"category": "external",
"summary": "SUSE Bug 1239034 for CVE-2024-58078",
"url": "https://bugzilla.suse.com/1239034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix crash during unbind if gpio unit is in use\n\nWe used the wrong device for the device managed functions. We used the\nusb device, when we should be using the interface device.\n\nIf we unbind the driver from the usb interface, the cleanup functions\nare never called. In our case, the IRQ is never disabled.\n\nIf an IRQ is triggered, it will try to access memory sections that are\nalready free, causing an OOPS.\n\nWe cannot use the function devm_request_threaded_irq here. The devm_*\nclean functions may be called after the main structure is released by\nuvc_delete.\n\nLuckily this bug has small impact, as it is only affected by devices\nwith gpio units and the user has to unbind the device, a disconnect will\nnot trigger this error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58079",
"url": "https://www.suse.com/security/cve/CVE-2024-58079"
},
{
"category": "external",
"summary": "SUSE Bug 1239029 for CVE-2024-58079",
"url": "https://bugzilla.suse.com/1239029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: dispcc-sm6350: Add missing parent_map for a clock\n\nIf a clk_rcg2 has a parent, it should also have parent_map defined,\notherwise we\u0027ll get a NULL pointer dereference when calling clk_set_rate\nlike the following:\n\n [ 3.388105] Call trace:\n [ 3.390664] qcom_find_src_index+0x3c/0x70 (P)\n [ 3.395301] qcom_find_src_index+0x1c/0x70 (L)\n [ 3.399934] _freq_tbl_determine_rate+0x48/0x100\n [ 3.404753] clk_rcg2_determine_rate+0x1c/0x28\n [ 3.409387] clk_core_determine_round_nolock+0x58/0xe4\n [ 3.421414] clk_core_round_rate_nolock+0x48/0xfc\n [ 3.432974] clk_core_round_rate_nolock+0xd0/0xfc\n [ 3.444483] clk_core_set_rate_nolock+0x8c/0x300\n [ 3.455886] clk_set_rate+0x38/0x14c\n\nAdd the parent_map property for the clock where it\u0027s missing and also\nun-inline the parent_data as well to keep the matching parent_map and\nparent_data together.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58080",
"url": "https://www.suse.com/security/cve/CVE-2024-58080"
},
{
"category": "external",
"summary": "SUSE Bug 1239027 for CVE-2024-58080",
"url": "https://bugzilla.suse.com/1239027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate \u00270\u0027, i.e. KVM will return vCPU0 instead of NULL.\n\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\n\nHowever, returning vCPU0 when it shouldn\u0027t exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm-\u003evcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\n\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it\u0027s fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58083",
"url": "https://www.suse.com/security/cve/CVE-2024-58083"
},
{
"category": "external",
"summary": "SUSE Bug 1239036 for CVE-2024-58083",
"url": "https://bugzilla.suse.com/1239036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58085",
"url": "https://www.suse.com/security/cve/CVE-2024-58085"
},
{
"category": "external",
"summary": "SUSE Bug 1239085 for CVE-2024-58085",
"url": "https://bugzilla.suse.com/1239085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Stop active perfmon if it is being destroyed\n\nIf the active performance monitor (`v3d-\u003eactive_perfmon`) is being\ndestroyed, stop it first. Currently, the active perfmon is not\nstopped during destruction, leaving the `v3d-\u003eactive_perfmon` pointer\nstale. This can lead to undefined behavior and instability.\n\nThis patch ensures that the active perfmon is stopped before being\ndestroyed, aligning with the behavior introduced in commit\n7d1fd3638ee3 (\"drm/v3d: Stop the active perfmon before being destroyed\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58086",
"url": "https://www.suse.com/security/cve/CVE-2024-58086"
},
{
"category": "external",
"summary": "SUSE Bug 1239038 for CVE-2024-58086",
"url": "https://bugzilla.suse.com/1239038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2025-21631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix waker_bfqq UAF after bfq_split_bfqq()\n\nOur syzkaller report a following UAF for v6.6:\n\nBUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\nRead of size 8 at addr ffff8881b57147d8 by task fsstress/232726\n\nCPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\n print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\n print_report+0x3e/0x70 mm/kasan/report.c:475\n kasan_report+0xb8/0xf0 mm/kasan/report.c:588\n hlist_add_head include/linux/list.h:1023 [inline]\n bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230\n __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567\n ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947\n ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182\n ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660\n ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569\n iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91\n iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80\n ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051\n ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220\n do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811\n __do_sys_ioctl fs/ioctl.c:869 [inline]\n __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nAllocated by task 232719:\n kasan_save_stack+0x22/0x50 mm/kasan/common.c:45\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\n slab_post_alloc_hook mm/slab.h:768 [inline]\n slab_alloc_node mm/slub.c:3492 [inline]\n kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537\n bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869\n bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776\n bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938\n bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271\n bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323\n blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660\n blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143\n __submit_bio+0xa0/0x6b0 block/blk-core.c:639\n __submit_bio_noacct_mq block/blk-core.c:718 [inline]\n submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747\n submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847\n __ext4_read_bh fs/ext4/super.c:205 [inline]\n ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217\n ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242\n ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958\n __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671\n ext4_lookup_entry fs/ext4/namei.c:1774 [inline]\n ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842\n ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839\n __lookup_slow+0x257/0x480 fs/namei.c:1696\n lookup_slow fs/namei.c:1713 [inline]\n walk_component+0x454/0x5c0 fs/namei.c:2004\n link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331\n link_path_walk fs/namei.c:3826 [inline]\n path_openat+0x1b9/0x520 fs/namei.c:3826\n do_filp_open+0x1b7/0x400 fs/namei.c:3857\n do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428\n do_sys_open fs/open.c:1443 [inline]\n __do_sys_openat fs/open.c:1459 [inline]\n __se_sys_openat fs/open.c:1454 [inline]\n __x64_sys_openat+0x148/0x200 fs/open.c:1454\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_6\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21631",
"url": "https://www.suse.com/security/cve/CVE-2025-21631"
},
{
"category": "external",
"summary": "SUSE Bug 1236099 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236099"
},
{
"category": "external",
"summary": "SUSE Bug 1236100 for CVE-2025-21631",
"url": "https://bugzilla.suse.com/1236100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the \u0027net\u0027 one can be retrieved from the listen\nsocket (if available).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21635",
"url": "https://www.suse.com/security/cve/CVE-2025-21635"
},
{
"category": "external",
"summary": "SUSE Bug 1236111 for CVE-2025-21635",
"url": "https://bugzilla.suse.com/1236111"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21636"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: plpmtud_probe_interval: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.probe_interval\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21636",
"url": "https://www.suse.com/security/cve/CVE-2025-21636"
},
{
"category": "external",
"summary": "SUSE Bug 1236113 for CVE-2025-21636",
"url": "https://bugzilla.suse.com/1236113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21637"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: udp_port: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21637",
"url": "https://www.suse.com/security/cve/CVE-2025-21637"
},
{
"category": "external",
"summary": "SUSE Bug 1236114 for CVE-2025-21637",
"url": "https://bugzilla.suse.com/1236114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21638",
"url": "https://www.suse.com/security/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "SUSE Bug 1236115 for CVE-2025-21638",
"url": "https://bugzilla.suse.com/1236115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21639"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21639",
"url": "https://www.suse.com/security/cve/CVE-2025-21639"
},
{
"category": "external",
"summary": "SUSE Bug 1236122 for CVE-2025-21639",
"url": "https://bugzilla.suse.com/1236122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21640"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21640",
"url": "https://www.suse.com/security/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "SUSE Bug 1236123 for CVE-2025-21640",
"url": "https://bugzilla.suse.com/1236123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: sch_cake: add bounds checks to host bulk flow fairness counts\n\nEven though we fixed a logic error in the commit cited below, syzbot\nstill managed to trigger an underflow of the per-host bulk flow\ncounters, leading to an out of bounds memory access.\n\nTo avoid any such logic errors causing out of bounds memory accesses,\nthis commit factors out all accesses to the per-host bulk flow counters\nto a series of helpers that perform bounds-checking before any\nincrements and decrements. This also has the benefit of improving\nreadability by moving the conditional checks for the flow mode into\nthese helpers, instead of having them spread out throughout the\ncode (which was the cause of the original logic error).\n\nAs part of this change, the flow quantum calculation is consolidated\ninto a helper function, which means that the dithering applied to the\nost load scaling is now applied both in the DRR rotation and when a\nsparse flow\u0027s quantum is first initiated. The only user-visible effect\nof this is that the maximum packet size that can be sent while a flow\nstays sparse will now vary with +/- one byte in some cases. This should\nnot make a noticeable difference in practice, and thus it\u0027s not worth\ncomplicating the code to preserve the old behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21647",
"url": "https://www.suse.com/security/cve/CVE-2025-21647"
},
{
"category": "external",
"summary": "SUSE Bug 1236133 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236133"
},
{
"category": "external",
"summary": "SUSE Bug 1236134 for CVE-2025-21647",
"url": "https://bugzilla.suse.com/1236134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21659",
"url": "https://www.suse.com/security/cve/CVE-2025-21659"
},
{
"category": "external",
"summary": "SUSE Bug 1236206 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236206"
},
{
"category": "external",
"summary": "SUSE Bug 1236207 for CVE-2025-21659",
"url": "https://bugzilla.suse.com/1236207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: avoid truncating 64-bit offset to 32 bits\n\nOn 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a\n64-bit value to 32 bits, leading to a possible infinite loop when writing\nto an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21665",
"url": "https://www.suse.com/security/cve/CVE-2025-21665"
},
{
"category": "external",
"summary": "SUSE Bug 1236684 for CVE-2025-21665",
"url": "https://bugzilla.suse.com/1236684"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: prevent null-ptr-deref in vsock_*[has_data|has_space]\n\nRecent reports have shown how we sometimes call vsock_*_has_data()\nwhen a vsock socket has been de-assigned from a transport (see attached\nlinks), but we shouldn\u0027t.\n\nPrevious commits should have solved the real problems, but we may have\nmore in the future, so to avoid null-ptr-deref, we can return 0\n(no space, no data available) but with a warning.\n\nThis way the code should continue to run in a nearly consistent state\nand have a warning that allows us to debug future problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21666",
"url": "https://www.suse.com/security/cve/CVE-2025-21666"
},
{
"category": "external",
"summary": "SUSE Bug 1236680 for CVE-2025-21666",
"url": "https://bugzilla.suse.com/1236680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21667",
"url": "https://www.suse.com/security/cve/CVE-2025-21667"
},
{
"category": "external",
"summary": "SUSE Bug 1236681 for CVE-2025-21667",
"url": "https://bugzilla.suse.com/1236681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: add missing loop break condition\n\nCurrently imx8mp_blk_ctrl_remove() will continue the for loop\nuntil an out-of-bounds exception occurs.\n\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : dev_pm_domain_detach+0x8/0x48\nlr : imx8mp_blk_ctrl_shutdown+0x58/0x90\nsp : ffffffc084f8bbf0\nx29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000\nx26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028\nx23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0\nx20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff\nx17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72\nx14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000\nx11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8\nx8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000\nCall trace:\n dev_pm_domain_detach+0x8/0x48\n platform_shutdown+0x2c/0x48\n device_shutdown+0x158/0x268\n kernel_restart_prepare+0x40/0x58\n kernel_kexec+0x58/0xe8\n __do_sys_reboot+0x198/0x258\n __arm64_sys_reboot+0x2c/0x40\n invoke_syscall+0x5c/0x138\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xc8\n el0t_64_sync_handler+0x120/0x130\n el0t_64_sync+0x190/0x198\nCode: 8128c2d0 ffffffc0 aa1e03e9 d503201f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21668",
"url": "https://www.suse.com/security/cve/CVE-2025-21668"
},
{
"category": "external",
"summary": "SUSE Bug 1236682 for CVE-2025-21668",
"url": "https://bugzilla.suse.com/1236682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21669"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: discard packets if the transport changes\n\nIf the socket has been de-assigned or assigned to another transport,\nwe must discard any packets received because they are not expected\nand would cause issues when we access vsk-\u003etransport.\n\nA possible scenario is described by Hyunwoo Kim in the attached link,\nwhere after a first connect() interrupted by a signal, and a second\nconnect() failed, we can find `vsk-\u003etransport` at NULL, leading to a\nNULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21669",
"url": "https://www.suse.com/security/cve/CVE-2025-21669"
},
{
"category": "external",
"summary": "SUSE Bug 1236683 for CVE-2025-21669",
"url": "https://bugzilla.suse.com/1236683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk-\u003etransport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21670",
"url": "https://www.suse.com/security/cve/CVE-2025-21670"
},
{
"category": "external",
"summary": "SUSE Bug 1236685 for CVE-2025-21670",
"url": "https://bugzilla.suse.com/1236685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21670"
},
{
"cve": "CVE-2025-21671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21671"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix potential UAF of zram table\n\nIf zram_meta_alloc failed early, it frees allocated zram-\u003etable without\nsetting it NULL. Which will potentially cause zram_meta_free to access\nthe table if user reset an failed and uninitialized device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21671",
"url": "https://www.suse.com/security/cve/CVE-2025-21671"
},
{
"category": "external",
"summary": "SUSE Bug 1236692 for CVE-2025-21671",
"url": "https://bugzilla.suse.com/1236692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can\u0027t be freed as long as\ncifsd thread isn\u0027t done. Otherwise the following can happen:\n\n RIP: 0010:__slab_free+0x223/0x3c0\n Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n 000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0xce/0x120\n ? __slab_free+0x223/0x3c0\n ? do_error_trap+0x65/0x80\n ? __slab_free+0x223/0x3c0\n ? exc_invalid_op+0x4e/0x70\n ? __slab_free+0x223/0x3c0\n ? asm_exc_invalid_op+0x16/0x20\n ? __slab_free+0x223/0x3c0\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? extract_hostname+0x5c/0xa0 [cifs]\n ? __kmalloc+0x4b/0x140\n __reconnect_target_unlocked+0x3e/0x160 [cifs]\n reconnect_dfs_server+0x145/0x430 [cifs]\n cifs_handle_standard+0x1ad/0x1d0 [cifs]\n cifs_demultiplex_thread+0x592/0x730 [cifs]\n ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21673",
"url": "https://www.suse.com/security/cve/CVE-2025-21673"
},
{
"category": "external",
"summary": "SUSE Bug 1236689 for CVE-2025-21673",
"url": "https://bugzilla.suse.com/1236689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clear port select structure when fail to create\n\nClear the port select structure on error so no stale values left after\ndefiners are destroyed. That\u0027s because the mlx5_lag_destroy_definers()\nalways try to destroy all lag definers in the tt_map, so in the flow\nbelow lag definers get double-destroyed and cause kernel crash:\n\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 1\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets destroyed\n mlx5_lag_port_sel_create()\n mlx5_lag_create_definers()\n mlx5_lag_create_definer() \u003c- Failed on tt 0\n mlx5_lag_destroy_definers() \u003c- definers[tt=0] gets double-destroyed\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n Mem abort info:\n ESR = 0x0000000096000005\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x05: level 1 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 64k pages, 48-bit VAs, pgdp=0000000112ce2e00\n [0000000000000008] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n Modules linked in: iptable_raw bonding ip_gre ip6_gre gre ip6_tunnel tunnel6 geneve ip6_udp_tunnel udp_tunnel ipip tunnel4 ip_tunnel rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) mlx5_fwctl(OE) fwctl(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlxfw(OE) memtrack(OE) mlx_compat(OE) openvswitch nsh nf_conncount psample xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter bridge stp llc netconsole overlay efi_pstore sch_fq_codel zram ip_tables crct10dif_ce qemu_fw_cfg fuse ipv6 crc_ccitt [last unloaded: mlx_compat(OE)]\n CPU: 3 UID: 0 PID: 217 Comm: kworker/u53:2 Tainted: G OE 6.11.0+ #2\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n lr : mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n sp : ffff800085fafb00\n x29: ffff800085fafb00 x28: ffff0000da0c8000 x27: 0000000000000000\n x26: ffff0000da0c8000 x25: ffff0000da0c8000 x24: ffff0000da0c8000\n x23: ffff0000c31f81a0 x22: 0400000000000000 x21: ffff0000da0c8000\n x20: 0000000000000000 x19: 0000000000000001 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8b0c9350\n x14: 0000000000000000 x13: ffff800081390d18 x12: ffff800081dc3cc0\n x11: 0000000000000001 x10: 0000000000000b10 x9 : ffff80007ab7304c\n x8 : ffff0000d00711f0 x7 : 0000000000000004 x6 : 0000000000000190\n x5 : ffff00027edb3010 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : ffff0000d39b8000 x1 : ffff0000d39b8000 x0 : 0400000000000000\n Call trace:\n mlx5_del_flow_rules+0x24/0x2c0 [mlx5_core]\n mlx5_lag_destroy_definer+0x54/0x100 [mlx5_core]\n mlx5_lag_destroy_definers+0xa0/0x108 [mlx5_core]\n mlx5_lag_port_sel_create+0x2d4/0x6f8 [mlx5_core]\n mlx5_activate_lag+0x60c/0x6f8 [mlx5_core]\n mlx5_do_bond_work+0x284/0x5c8 [mlx5_core]\n process_one_work+0x170/0x3e0\n worker_thread+0x2d8/0x3e0\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n Code: a9025bf5 aa0003f6 a90363f7 f90023f9 (f9400400)\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21675",
"url": "https://www.suse.com/security/cve/CVE-2025-21675"
},
{
"category": "external",
"summary": "SUSE Bug 1236694 for CVE-2025-21675",
"url": "https://bugzilla.suse.com/1236694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21675"
},
{
"cve": "CVE-2025-21678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Destroy device along with udp socket\u0027s netns dismantle.\n\ngtp_newlink() links the device to a list in dev_net(dev) instead of\nsrc_net, where a udp tunnel socket is created.\n\nEven when src_net is removed, the device stays alive on dev_net(dev).\nThen, removing src_net triggers the splat below. [0]\n\nIn this example, gtp0 is created in ns2, and the udp socket is created\nin ns1.\n\n ip netns add ns1\n ip netns add ns2\n ip -n ns1 link add netns ns2 name gtp0 type gtp role sgsn\n ip netns del ns1\n\nLet\u0027s link the device to the socket\u0027s netns instead.\n\nNow, gtp_net_exit_batch_rtnl() needs another netdev iteration to remove\nall gtp devices in the netns.\n\n[0]:\nref_tracker: net notrefcnt@000000003d6e7d05 has 1/2 users at\n sk_alloc (./include/net/net_namespace.h:345 net/core/sock.c:2236)\n inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)\n __sock_create (net/socket.c:1558)\n udp_sock_create4 (net/ipv4/udp_tunnel_core.c:18)\n gtp_create_sock (./include/net/udp_tunnel.h:59 drivers/net/gtp.c:1423)\n gtp_create_sockets (drivers/net/gtp.c:1447)\n gtp_newlink (drivers/net/gtp.c:1507)\n rtnl_newlink (net/core/rtnetlink.c:3786 net/core/rtnetlink.c:3897 net/core/rtnetlink.c:4012)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6922)\n netlink_rcv_skb (net/netlink/af_netlink.c:2542)\n netlink_unicast (net/netlink/af_netlink.c:1321 net/netlink/af_netlink.c:1347)\n netlink_sendmsg (net/netlink/af_netlink.c:1891)\n ____sys_sendmsg (net/socket.c:711 net/socket.c:726 net/socket.c:2583)\n ___sys_sendmsg (net/socket.c:2639)\n __sys_sendmsg (net/socket.c:2669)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n\nWARNING: CPU: 1 PID: 60 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179)\nModules linked in:\nCPU: 1 UID: 0 PID: 60 Comm: kworker/u16:2 Not tainted 6.13.0-rc5-00147-g4c1224501e9d #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:ref_tracker_dir_exit (lib/ref_tracker.c:179)\nCode: 00 00 00 fc ff df 4d 8b 26 49 bd 00 01 00 00 00 00 ad de 4c 39 f5 0f 85 df 00 00 00 48 8b 74 24 08 48 89 df e8 a5 cc 12 02 90 \u003c0f\u003e 0b 90 48 8d 6b 44 be 04 00 00 00 48 89 ef e8 80 de 67 ff 48 89\nRSP: 0018:ff11000009a07b60 EFLAGS: 00010286\nRAX: 0000000000002bd3 RBX: ff1100000f4e1aa0 RCX: 1ffffffff0e40ac6\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8423ee3c\nRBP: ff1100000f4e1af0 R08: 0000000000000001 R09: fffffbfff0e395ae\nR10: 0000000000000001 R11: 0000000000036001 R12: ff1100000f4e1af0\nR13: dead000000000100 R14: ff1100000f4e1af0 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ff1100006ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9b2464bd98 CR3: 0000000005286005 CR4: 0000000000771ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn (kernel/panic.c:748)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:285)\n ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)\n ? ref_tracker_dir_exit (lib/ref_tracker.c:179)\n ? __pfx_ref_tracker_dir_exit (lib/ref_tracker.c:158)\n ? kfree (mm/slub.c:4613 mm/slub.c:4761)\n net_free (net/core/net_namespace.c:476 net/core/net_namespace.c:467)\n cleanup_net (net/core/net_namespace.c:664 (discriminator 3))\n process_one_work (kernel/workqueue.c:3229)\n worker_thread (kernel/workqueue.c:3304 kernel/workqueue.c:3391\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21678",
"url": "https://www.suse.com/security/cve/CVE-2025-21678"
},
{
"category": "external",
"summary": "SUSE Bug 1236698 for CVE-2025-21678",
"url": "https://bugzilla.suse.com/1236698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: Avoid out-of-bounds access in get_imix_entries\n\nPassing a sufficient amount of imix entries leads to invalid access to the\npkt_dev-\u003eimix_entries array because of the incorrect boundary check.\n\nUBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24\nindex 20 is out of range for type \u0027imix_pkt [20]\u0027\nCPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl lib/dump_stack.c:117\n__ubsan_handle_out_of_bounds lib/ubsan.c:429\nget_imix_entries net/core/pktgen.c:874\npktgen_if_write net/core/pktgen.c:1063\npde_write fs/proc/inode.c:334\nproc_reg_write fs/proc/inode.c:346\nvfs_write fs/read_write.c:593\nksys_write fs/read_write.c:644\ndo_syscall_64 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[ fp: allow to fill the array completely; minor changelog cleanup ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21680",
"url": "https://www.suse.com/security/cve/CVE-2025-21680"
},
{
"category": "external",
"summary": "SUSE Bug 1236700 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236700"
},
{
"category": "external",
"summary": "SUSE Bug 1236701 for CVE-2025-21680",
"url": "https://bugzilla.suse.com/1236701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -\u003e ovs_vport_send\n -\u003e dev_queue_xmit\n -\u003e __dev_queue_xmit\n -\u003e netdev_core_pick_tx\n -\u003e skb_tx_hash\n\nWhen device is unregistering, the \u0027dev-\u003ereal_num_tx_queues\u0027 goes to\nzero and the \u0027while (unlikely(hash \u003e= qcount))\u0027 loop inside the\n\u0027skb_tx_hash\u0027 becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn\u0027t implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn\u0027t really have a carrier.\nTherefore, while this device is unregistering, it\u0027s still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don\u0027t really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21681",
"url": "https://www.suse.com/security/cve/CVE-2025-21681"
},
{
"category": "external",
"summary": "SUSE Bug 1236702 for CVE-2025-21681",
"url": "https://bugzilla.suse.com/1236702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: xilinx: Convert gpio_lock to raw spinlock\n\nirq_chip functions may be called in raw spinlock context. Therefore, we\nmust also use a raw spinlock for our own internal locking.\n\nThis fixes the following lockdep splat:\n\n[ 5.349336] =============================\n[ 5.353349] [ BUG: Invalid wait context ]\n[ 5.357361] 6.13.0-rc5+ #69 Tainted: G W\n[ 5.363031] -----------------------------\n[ 5.367045] kworker/u17:1/44 is trying to lock:\n[ 5.371587] ffffff88018b02c0 (\u0026chip-\u003egpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.380079] other info that might help us debug this:\n[ 5.385138] context-{5:5}\n[ 5.387762] 5 locks held by kworker/u17:1/44:\n[ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)\n[ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)\n[ 5.411528] #2: ffffff880172c900 (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)\n[ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)\n[ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)\n[ 5.436472] stack backtrace:\n[ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69\n[ 5.448690] Tainted: [W]=WARN\n[ 5.451656] Hardware name: xlnx,zynqmp (DT)\n[ 5.455845] Workqueue: events_unbound deferred_probe_work_func\n[ 5.461699] Call trace:\n[ 5.464147] show_stack+0x18/0x24 C\n[ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)\n[ 5.471501] dump_stack (lib/dump_stack.c:130)\n[ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)\n[ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)\n[ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))\n[ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)\n[ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)\n[ 5.497645] irq_startup (kernel/irq/chip.c:270)\n[ 5.501143] __setup_irq (kernel/irq/manage.c:1807)\n[ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21684",
"url": "https://www.suse.com/security/cve/CVE-2025-21684"
},
{
"category": "external",
"summary": "SUSE Bug 1236952 for CVE-2025-21684",
"url": "https://bugzilla.suse.com/1236952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/platform: check the bounds of read/write syscalls\n\ncount and offset are passed from user space and not checked, only\noffset is capped to 40 bits, which can be used to read/write out of\nbounds of the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21687",
"url": "https://www.suse.com/security/cve/CVE-2025-21687"
},
{
"category": "external",
"summary": "SUSE Bug 1237045 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237045"
},
{
"category": "external",
"summary": "SUSE Bug 1237046 for CVE-2025-21687",
"url": "https://bugzilla.suse.com/1237046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21688"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Assign job pointer to NULL before signaling the fence\n\nIn commit e4b5ccd392b9 (\"drm/v3d: Ensure job pointer is set to NULL\nafter job completion\"), we introduced a change to assign the job pointer\nto NULL after completing a job, indicating job completion.\n\nHowever, this approach created a race condition between the DRM\nscheduler workqueue and the IRQ execution thread. As soon as the fence is\nsignaled in the IRQ execution thread, a new job starts to be executed.\nThis results in a race condition where the IRQ execution thread sets the\njob pointer to NULL simultaneously as the `run_job()` function assigns\na new job to the pointer.\n\nThis race condition can lead to a NULL pointer dereference if the IRQ\nexecution thread sets the job pointer to NULL after `run_job()` assigns\nit to the new job. When the new job completes and the GPU emits an\ninterrupt, `v3d_irq()` is triggered, potentially causing a crash.\n\n[ 466.310099] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[ 466.318928] Mem abort info:\n[ 466.321723] ESR = 0x0000000096000005\n[ 466.325479] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 466.330807] SET = 0, FnV = 0\n[ 466.333864] EA = 0, S1PTW = 0\n[ 466.337010] FSC = 0x05: level 1 translation fault\n[ 466.341900] Data abort info:\n[ 466.344783] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 466.350285] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 466.355350] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 466.360677] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000089772000\n[ 466.367140] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 466.375875] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[ 466.382163] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device algif_hash algif_skcipher af_alg bnep binfmt_misc vc4 snd_soc_hdmi_codec drm_display_helper cec brcmfmac_wcc spidev rpivid_hevc(C) drm_client_lib brcmfmac hci_uart drm_dma_helper pisp_be btbcm brcmutil snd_soc_core aes_ce_blk v4l2_mem2mem bluetooth aes_ce_cipher snd_compress videobuf2_dma_contig ghash_ce cfg80211 gf128mul snd_pcm_dmaengine videobuf2_memops ecdh_generic sha2_ce ecc videobuf2_v4l2 snd_pcm v3d sha256_arm64 rfkill videodev snd_timer sha1_ce libaes gpu_sched snd videobuf2_common sha1_generic drm_shmem_helper mc rp1_pio drm_kms_helper raspberrypi_hwmon spi_bcm2835 gpio_keys i2c_brcmstb rp1 raspberrypi_gpiomem rp1_mailbox rp1_adc nvmem_rmem uio_pdrv_genirq uio i2c_dev drm ledtrig_pattern drm_panel_orientation_quirks backlight fuse dm_mod ip_tables x_tables ipv6\n[ 466.458429] CPU: 0 UID: 1000 PID: 2008 Comm: chromium Tainted: G C 6.13.0-v8+ #18\n[ 466.467336] Tainted: [C]=CRAP\n[ 466.470306] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[ 466.476157] pstate: 404000c9 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 466.483143] pc : v3d_irq+0x118/0x2e0 [v3d]\n[ 466.487258] lr : __handle_irq_event_percpu+0x60/0x228\n[ 466.492327] sp : ffffffc080003ea0\n[ 466.495646] x29: ffffffc080003ea0 x28: ffffff80c0c94200 x27: 0000000000000000\n[ 466.502807] x26: ffffffd08dd81d7b x25: ffffff80c0c94200 x24: ffffff8003bdc200\n[ 466.509969] x23: 0000000000000001 x22: 00000000000000a7 x21: 0000000000000000\n[ 466.517130] x20: ffffff8041bb0000 x19: 0000000000000001 x18: 0000000000000000\n[ 466.524291] x17: ffffffafadfb0000 x16: ffffffc080000000 x15: 0000000000000000\n[ 466.531452] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 466.538613] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffffd08c527eb0\n[ 466.545777] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 466.552941] x5 : ffffffd08c4100d0 x4 : ffffffafadfb0000 x3 : ffffffc080003f70\n[ 466.560102] x2 : ffffffc0829e8058 x1 : 0000000000000001 x0 : 0000000000000000\n[ 466.567263] Call trace:\n[ 466.569711] v3d_irq+0x118/0x2e0 [v3d] (P)\n[ 466.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21688",
"url": "https://www.suse.com/security/cve/CVE-2025-21688"
},
{
"category": "external",
"summary": "SUSE Bug 1237007 for CVE-2025-21688",
"url": "https://bugzilla.suse.com/1237007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21689"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport \u003e serial-\u003enum_ports) {\n dev_err(\u0026port-\u003edev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn\u0027t account for the valid range of the serial-\u003eport\nbuffer, which is from 0 to serial-\u003enum_ports - 1. When newport is equal\nto serial-\u003enum_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv-\u003ecurrent_port = newport;\n port = serial-\u003eport[serial_priv-\u003ecurrent_port];\n\nThe fix checks if newport is greater than or equal to serial-\u003enum_ports\nindicating it is out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21689",
"url": "https://www.suse.com/security/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "SUSE Bug 1237017 for CVE-2025-21689",
"url": "https://bugzilla.suse.com/1237017"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21690"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Ratelimit warning logs to prevent VM denial of service\n\nIf there\u0027s a persistent error in the hypervisor, the SCSI warning for\nfailed I/O can flood the kernel log and max out CPU utilization,\npreventing troubleshooting from the VM side. Ratelimit the warning so\nit doesn\u0027t DoS the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21690",
"url": "https://www.suse.com/security/cve/CVE-2025-21690"
},
{
"category": "external",
"summary": "SUSE Bug 1237025 for CVE-2025-21690",
"url": "https://bugzilla.suse.com/1237025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ets qdisc OOB Indexing\n\nHaowei Yan \u003cg1042620637@gmail.com\u003e found that ets_class_from_arg() can\nindex an Out-Of-Bound class in ets_class_from_arg() when passed clid of\n0. The overflow may cause local privilege escalation.\n\n [ 18.852298] ------------[ cut here ]------------\n [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20\n [ 18.853743] index 18446744073709551615 is out of range for type \u0027ets_class [16]\u0027\n [ 18.854254] CPU: 0 UID: 0 PID: 1275 Comm: poc Not tainted 6.12.6-dirty #17\n [ 18.854821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n [ 18.856532] Call Trace:\n [ 18.857441] \u003cTASK\u003e\n [ 18.858227] dump_stack_lvl+0xc2/0xf0\n [ 18.859607] dump_stack+0x10/0x20\n [ 18.860908] __ubsan_handle_out_of_bounds+0xa7/0xf0\n [ 18.864022] ets_class_change+0x3d6/0x3f0\n [ 18.864322] tc_ctl_tclass+0x251/0x910\n [ 18.864587] ? lock_acquire+0x5e/0x140\n [ 18.865113] ? __mutex_lock+0x9c/0xe70\n [ 18.866009] ? __mutex_lock+0xa34/0xe70\n [ 18.866401] rtnetlink_rcv_msg+0x170/0x6f0\n [ 18.866806] ? __lock_acquire+0x578/0xc10\n [ 18.867184] ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n [ 18.867503] netlink_rcv_skb+0x59/0x110\n [ 18.867776] rtnetlink_rcv+0x15/0x30\n [ 18.868159] netlink_unicast+0x1c3/0x2b0\n [ 18.868440] netlink_sendmsg+0x239/0x4b0\n [ 18.868721] ____sys_sendmsg+0x3e2/0x410\n [ 18.869012] ___sys_sendmsg+0x88/0xe0\n [ 18.869276] ? rseq_ip_fixup+0x198/0x260\n [ 18.869563] ? rseq_update_cpu_node_id+0x10a/0x190\n [ 18.869900] ? trace_hardirqs_off+0x5a/0xd0\n [ 18.870196] ? syscall_exit_to_user_mode+0xcc/0x220\n [ 18.870547] ? do_syscall_64+0x93/0x150\n [ 18.870821] ? __memcg_slab_free_hook+0x69/0x290\n [ 18.871157] __sys_sendmsg+0x69/0xd0\n [ 18.871416] __x64_sys_sendmsg+0x1d/0x30\n [ 18.871699] x64_sys_call+0x9e2/0x2670\n [ 18.871979] do_syscall_64+0x87/0x150\n [ 18.873280] ? do_syscall_64+0x93/0x150\n [ 18.874742] ? lock_release+0x7b/0x160\n [ 18.876157] ? do_user_addr_fault+0x5ce/0x8f0\n [ 18.877833] ? irqentry_exit_to_user_mode+0xc2/0x210\n [ 18.879608] ? irqentry_exit+0x77/0xb0\n [ 18.879808] ? clear_bhb_loop+0x15/0x70\n [ 18.880023] ? clear_bhb_loop+0x15/0x70\n [ 18.880223] ? clear_bhb_loop+0x15/0x70\n [ 18.880426] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [ 18.880683] RIP: 0033:0x44a957\n [ 18.880851] Code: ff ff e8 fc 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 8974 24 10\n [ 18.881766] RSP: 002b:00007ffcdd00fad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n [ 18.882149] RAX: ffffffffffffffda RBX: 00007ffcdd010db8 RCX: 000000000044a957\n [ 18.882507] RDX: 0000000000000000 RSI: 00007ffcdd00fb70 RDI: 0000000000000003\n [ 18.885037] RBP: 00007ffcdd010bc0 R08: 000000000703c770 R09: 000000000703c7c0\n [ 18.887203] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001\n [ 18.888026] R13: 00007ffcdd010da8 R14: 00000000004ca7d0 R15: 0000000000000001\n [ 18.888395] \u003c/TASK\u003e\n [ 18.888610] ---[ end trace ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21692",
"url": "https://www.suse.com/security/cve/CVE-2025-21692"
},
{
"category": "external",
"summary": "SUSE Bug 1237028 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237028"
},
{
"category": "external",
"summary": "SUSE Bug 1237048 for CVE-2025-21692",
"url": "https://bugzilla.suse.com/1237048"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout. However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made. Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us. Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths. Make sure\nthat acomp_ctx.req is NULL when the resources are freed. In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated). In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1]. This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock). A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n handling the race between the refcount dropping to zero in\n zswap_[de]compress() and the refcount being re-initialized when the\n CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n that\u0027s discouraged and is a much bigger hammer than needed, and could\n result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21693",
"url": "https://www.suse.com/security/cve/CVE-2025-21693"
},
{
"category": "external",
"summary": "SUSE Bug 1237029 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237029"
},
{
"category": "external",
"summary": "SUSE Bug 1237047 for CVE-2025-21693",
"url": "https://bugzilla.suse.com/1237047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Ensure job pointer is set to NULL after job completion\n\nAfter a job completes, the corresponding pointer in the device must\nbe set to NULL. Failing to do so triggers a warning when unloading\nthe driver, as it appears the job is still active. To prevent this,\nassign the job pointer to NULL after completing the job, indicating\nthe job has finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21697",
"url": "https://www.suse.com/security/cve/CVE-2025-21697"
},
{
"category": "external",
"summary": "SUSE Bug 1237132 for CVE-2025-21697",
"url": "https://bugzilla.suse.com/1237132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode\u0027s address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21699",
"url": "https://www.suse.com/security/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1237139 for CVE-2025-21699",
"url": "https://bugzilla.suse.com/1237139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: Disallow replacing of child qdisc from one parent to another\n\nLion Ackermann was able to create a UAF which can be abused for privilege\nescalation with the following script\n\nStep 1. create root qdisc\ntc qdisc add dev lo root handle 1:0 drr\n\nstep2. a class for packet aggregation do demonstrate uaf\ntc class add dev lo classid 1:1 drr\n\nstep3. a class for nesting\ntc class add dev lo classid 1:2 drr\n\nstep4. a class to graft qdisc to\ntc class add dev lo classid 1:3 drr\n\nstep5.\ntc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024\n\nstep6.\ntc qdisc add dev lo parent 1:2 handle 3:0 drr\n\nstep7.\ntc class add dev lo classid 3:1 drr\n\nstep 8.\ntc qdisc add dev lo parent 3:1 handle 4:0 pfifo\n\nstep 9. Display the class/qdisc layout\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nstep10. trigger the bug \u003c=== prevented by this patch\ntc qdisc replace dev lo parent 1:3 handle 4:0\n\nstep 11. Redisplay again the qdiscs/classes\n\ntc class ls dev lo\n class drr 1:1 root leaf 2: quantum 64Kb\n class drr 1:2 root leaf 3: quantum 64Kb\n class drr 1:3 root leaf 4: quantum 64Kb\n class drr 3:1 root leaf 4: quantum 64Kb\n\ntc qdisc ls\n qdisc drr 1: dev lo root refcnt 2\n qdisc plug 2: dev lo parent 1:1\n qdisc pfifo 4: dev lo parent 3:1 refcnt 2 limit 1000p\n qdisc drr 3: dev lo parent 1:2\n\nObserve that a) parent for 4:0 does not change despite the replace request.\nThere can only be one parent. b) refcount has gone up by two for 4:0 and\nc) both class 1:3 and 3:1 are pointing to it.\n\nStep 12. send one packet to plug\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10001))\nstep13. send one packet to the grafted fifo\necho \"\" | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888,priority=$((0x10003))\n\nstep14. lets trigger the uaf\ntc class delete dev lo classid 1:3\ntc class delete dev lo classid 1:1\n\nThe semantics of \"replace\" is for a del/add _on the same node_ and not\na delete from one node(3:1) and add to another node (1:3) as in step10.\nWhile we could \"fix\" with a more complex approach there could be\nconsequences to expectations so the patch takes the preventive approach of\n\"disallow such config\".\n\nJoint work with Lion Ackermann \u003cnnamrec@gmail.com\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21700",
"url": "https://www.suse.com/security/cve/CVE-2025-21700"
},
{
"category": "external",
"summary": "SUSE Bug 1237159 for CVE-2025-21700",
"url": "https://bugzilla.suse.com/1237159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n \u003cTASK\u003e\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21701",
"url": "https://www.suse.com/security/cve/CVE-2025-21701"
},
{
"category": "external",
"summary": "SUSE Bug 1237164 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1237164"
},
{
"category": "external",
"summary": "SUSE Bug 1245805 for CVE-2025-21701",
"url": "https://bugzilla.suse.com/1245805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: Update sch-\u003eq.qlen before qdisc_tree_reduce_backlog()\n\nqdisc_tree_reduce_backlog() notifies parent qdisc only if child\nqdisc becomes empty, therefore we need to reduce the backlog of the\nchild qdisc before calling it. Otherwise it would miss the opportunity\nto call cops-\u003eqlen_notify(), in the case of DRR, it resulted in UAF\nsince DRR uses -\u003eqlen_notify() to maintain its active list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21703",
"url": "https://www.suse.com/security/cve/CVE-2025-21703"
},
{
"category": "external",
"summary": "SUSE Bug 1237313 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1237313"
},
{
"category": "external",
"summary": "SUSE Bug 1245796 for CVE-2025-21703",
"url": "https://bugzilla.suse.com/1245796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can\u0027t\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm-\u003enb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device\u0027s vendor/product IDs and\nits other interfaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21704",
"url": "https://www.suse.com/security/cve/CVE-2025-21704"
},
{
"category": "external",
"summary": "SUSE Bug 1237571 for CVE-2025-21704",
"url": "https://bugzilla.suse.com/1237571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: handle fastopen disconnect correctly\n\nSyzbot was able to trigger a data stream corruption:\n\n WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Modules linked in:\n CPU: 0 UID: 0 PID: 9846 Comm: syz-executor351 Not tainted 6.13.0-rc2-syzkaller-00059-g00a5acdbf398 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\n RIP: 0010:__mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024\n Code: fa ff ff 48 8b 4c 24 18 80 e1 07 fe c1 38 c1 0f 8c 8e fa ff ff 48 8b 7c 24 18 e8 e0 db 54 f6 e9 7f fa ff ff e8 e6 80 ee f5 90 \u003c0f\u003e 0b 90 4c 8b 6c 24 40 4d 89 f4 e9 04 f5 ff ff 44 89 f1 80 e1 07\n RSP: 0018:ffffc9000c0cf400 EFLAGS: 00010293\n RAX: ffffffff8bb0dd5a RBX: ffff888033f5d230 RCX: ffff888059ce8000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000c0cf518 R08: ffffffff8bb0d1dd R09: 1ffff110170c8928\n R10: dffffc0000000000 R11: ffffed10170c8929 R12: 0000000000000000\n R13: ffff888033f5d220 R14: dffffc0000000000 R15: ffff8880592b8000\n FS: 00007f6e866496c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f6e86f491a0 CR3: 00000000310e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup+0x7f/0x2d0 net/mptcp/protocol.c:1074\n mptcp_release_cb+0x7cb/0xb30 net/mptcp/protocol.c:3493\n release_sock+0x1aa/0x1f0 net/core/sock.c:3640\n inet_wait_for_connect net/ipv4/af_inet.c:609 [inline]\n __inet_stream_connect+0x8bd/0xf30 net/ipv4/af_inet.c:703\n mptcp_sendmsg_fastopen+0x2a2/0x530 net/mptcp/protocol.c:1755\n mptcp_sendmsg+0x1884/0x1b10 net/mptcp/protocol.c:1830\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f6e86ebfe69\n Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f6e86649168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f6e86f491b8 RCX: 00007f6e86ebfe69\n RDX: 0000000030004001 RSI: 0000000020000080 RDI: 0000000000000003\n RBP: 00007f6e86f491b0 R08: 00007f6e866496c0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6e86f491bc\n R13: 000000000000006e R14: 00007ffe445d9420 R15: 00007ffe445d9508\n \u003c/TASK\u003e\n\nThe root cause is the bad handling of disconnect() generated internally\nby the MPTCP protocol in case of connect FASTOPEN errors.\n\nAddress the issue increasing the socket disconnect counter even on such\na case, to allow other threads waiting on the same socket lock to\nproperly error out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21705",
"url": "https://www.suse.com/security/cve/CVE-2025-21705"
},
{
"category": "external",
"summary": "SUSE Bug 1238525 for CVE-2025-21705",
"url": "https://bugzilla.suse.com/1238525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only set fullmesh for subflow endp\n\nWith the in-kernel path-manager, it is possible to change the \u0027fullmesh\u0027\nflag. The code in mptcp_pm_nl_fullmesh() expects to change it only on\n\u0027subflow\u0027 endpoints, to recreate more or less subflows using the linked\naddress.\n\nUnfortunately, the set_flags() hook was a bit more permissive, and\nallowed \u0027implicit\u0027 endpoints to get the \u0027fullmesh\u0027 flag while it is not\nallowed before.\n\nThat\u0027s what syzbot found, triggering the following warning:\n\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n WARNING: CPU: 0 PID: 6499 at net/mptcp/pm_netlink.c:1496 mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Modules linked in:\n CPU: 0 UID: 0 PID: 6499 Comm: syz.1.413 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1496 [inline]\n RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1980 [inline]\n RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:2003 [inline]\n RIP: 0010:mptcp_pm_nl_set_flags+0x974/0xdc0 net/mptcp/pm_netlink.c:2064\n Code: 01 00 00 49 89 c5 e8 fb 45 e8 f5 e9 b8 fc ff ff e8 f1 45 e8 f5 4c 89 f7 be 03 00 00 00 e8 44 1d 0b f9 eb a0 e8 dd 45 e8 f5 90 \u003c0f\u003e 0b 90 e9 17 ff ff ff 89 d9 80 e1 07 38 c1 0f 8c c9 fc ff ff 48\n RSP: 0018:ffffc9000d307240 EFLAGS: 00010293\n RAX: ffffffff8bb72e03 RBX: 0000000000000000 RCX: ffff88807da88000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000d307430 R08: ffffffff8bb72cf0 R09: 1ffff1100b842a5e\n R10: dffffc0000000000 R11: ffffed100b842a5f R12: ffff88801e2e5ac0\n R13: ffff88805c214800 R14: ffff88805c2152e8 R15: 1ffff1100b842a5d\n FS: 00005555619f6500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000020002840 CR3: 00000000247e6000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2542\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f5fe8785d29\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007fff571f5558 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f5fe8975fa0 RCX: 00007f5fe8785d29\n RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000007\n RBP: 00007f5fe8801b08 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007f5fe8975fa0 R14: 00007f5fe8975fa0 R15: 000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21706",
"url": "https://www.suse.com/security/cve/CVE-2025-21706"
},
{
"category": "external",
"summary": "SUSE Bug 1238528 for CVE-2025-21706",
"url": "https://bugzilla.suse.com/1238528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: enable basic endpoint checking\n\nSyzkaller reports [1] encountering a common issue of utilizing a wrong\nusb endpoint type during URB submitting stage. This, in turn, triggers\na warning shown below.\n\nFor now, enable simple endpoint checking (specifically, bulk and\ninterrupt eps, testing control one is not essential) to mitigate\nthe issue with a view to do other related cosmetic changes later,\nif they are necessary.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv\u003e\nModules linked in:\nCPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617\u003e\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nCode: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8\u003e\nRSP: 0018:ffffc9000441f740 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9\nRDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001\nRBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c\nFS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733\n __dev_open+0x2d4/0x4e0 net/core/dev.c:1474\n __dev_change_flags+0x561/0x720 net/core/dev.c:8838\n dev_change_flags+0x8f/0x160 net/core/dev.c:8910\n devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177\n inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x116/0x280 net/socket.c:1222\n sock_ioctl+0x22e/0x6c0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fc04ef73d49\n...\n\nThis change has not been tested on real hardware.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21708",
"url": "https://www.suse.com/security/cve/CVE-2025-21708"
},
{
"category": "external",
"summary": "SUSE Bug 1239087 for CVE-2025-21708",
"url": "https://bugzilla.suse.com/1239087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rose: prevent integer overflows in rose_setsockopt()\n\nIn case of possible unpredictably large arguments passed to\nrose_setsockopt() and multiplied by extra values on top of that,\ninteger overflows may occur.\n\nDo the safest minimum and fix these issues by checking the\ncontents of \u0027opt\u0027 and returning -EINVAL if they are too large. Also,\nswitch to unsigned int and remove useless check for negative \u0027opt\u0027\nin ROSE_IDLE case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21711",
"url": "https://www.suse.com/security/cve/CVE-2025-21711"
},
{
"category": "external",
"summary": "SUSE Bug 1239114 for CVE-2025-21711",
"url": "https://bugzilla.suse.com/1239114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n RIP: 0010:refcount_warn_saturate+0x12b/0x130\n Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 0000000000000019\n R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n FS: 0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0x12b/0x130\n free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n process_one_work+0x1cc/0x3c0\n worker_thread+0x218/0x3c0\n kthread+0xc6/0xf0\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21714",
"url": "https://www.suse.com/security/cve/CVE-2025-21714"
},
{
"category": "external",
"summary": "SUSE Bug 1237890 for CVE-2025-21714",
"url": "https://bugzilla.suse.com/1237890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21715",
"url": "https://www.suse.com/security/cve/CVE-2025-21715"
},
{
"category": "external",
"summary": "SUSE Bug 1237889 for CVE-2025-21715",
"url": "https://bugzilla.suse.com/1237889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21716"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix uninit-value in vxlan_vnifilter_dump()\n\nKMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].\n\nIf the length of the netlink message payload is less than\nsizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes\nbeyond the message. This can lead to uninit-value access. Fix this by\nreturning an error in such situations.\n\n[1]\nBUG: KMSAN: uninit-value in vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n vxlan_vnifilter_dump+0x328/0x920 drivers/net/vxlan/vxlan_vnifilter.c:422\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6786\n netlink_dump+0x93e/0x15f0 net/netlink/af_netlink.c:2317\n __netlink_dump_start+0x716/0xd60 net/netlink/af_netlink.c:2432\n netlink_dump_start include/linux/netlink.h:340 [inline]\n rtnetlink_dump_start net/core/rtnetlink.c:6815 [inline]\n rtnetlink_rcv_msg+0x1256/0x14a0 net/core/rtnetlink.c:6882\n netlink_rcv_skb+0x467/0x660 net/netlink/af_netlink.c:2542\n rtnetlink_rcv+0x35/0x40 net/core/rtnetlink.c:6944\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0xed6/0x1290 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x1092/0x1230 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4110 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x800/0xe80 mm/slub.c:4205\n kmalloc_reserve+0x13b/0x4b0 net/core/skbuff.c:587\n __alloc_skb+0x347/0x7d0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n netlink_alloc_large_skb+0xa5/0x280 net/netlink/af_netlink.c:1196\n netlink_sendmsg+0xac9/0x1230 net/netlink/af_netlink.c:1866\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:726\n ____sys_sendmsg+0x7f4/0xb50 net/socket.c:2583\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2637\n __sys_sendmsg net/socket.c:2669 [inline]\n __do_sys_sendmsg net/socket.c:2674 [inline]\n __se_sys_sendmsg net/socket.c:2672 [inline]\n __x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2672\n x64_sys_call+0x3878/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 30991 Comm: syz.4.10630 Not tainted 6.12.0-10694-gc44daa7e3c73 #29\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21716",
"url": "https://www.suse.com/security/cve/CVE-2025-21716"
},
{
"category": "external",
"summary": "SUSE Bug 1237891 for CVE-2025-21716",
"url": "https://bugzilla.suse.com/1237891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix timer races against user threads\n\nRose timers only acquire the socket spinlock, without\nchecking if the socket is owned by one user thread.\n\nAdd a check and rearm the timers if needed.\n\nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174\n call_timer_fn+0x187/0x650 kernel/time/timer.c:1793\n expire_timers kernel/time/timer.c:1844 [inline]\n __run_timers kernel/time/timer.c:2418 [inline]\n __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430\n run_timer_base kernel/time/timer.c:2439 [inline]\n run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21718",
"url": "https://www.suse.com/security/cve/CVE-2025-21718"
},
{
"category": "external",
"summary": "SUSE Bug 1239073 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239073"
},
{
"category": "external",
"summary": "SUSE Bug 1239074 for CVE-2025-21718",
"url": "https://bugzilla.suse.com/1239074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: do not call mr_mfc_uses_dev() for unres entries\n\nsyzbot found that calling mr_mfc_uses_dev() for unres entries\nwould crash [1], because c-\u003emfc_un.res.minvif / c-\u003emfc_un.res.maxvif\nalias to \"struct sk_buff_head unresolved\", which contain two pointers.\n\nThis code never worked, lets remove it.\n\n[1]\nUnable to handle kernel paging request at virtual address ffff5fff2d536613\nKASAN: maybe wild-memory-access in range [0xfffefff96a9b3098-0xfffefff96a9b309f]\nModules linked in:\nCPU: 1 UID: 0 PID: 7321 Comm: syz.0.16 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline]\n pc : mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334\n lr : mr_mfc_uses_dev net/ipv4/ipmr_base.c:289 [inline]\n lr : mr_table_dump+0x694/0x8b0 net/ipv4/ipmr_base.c:334\nCall trace:\n mr_mfc_uses_dev net/ipv4/ipmr_base.c:290 [inline] (P)\n mr_table_dump+0x5a4/0x8b0 net/ipv4/ipmr_base.c:334 (P)\n mr_rtm_dumproute+0x254/0x454 net/ipv4/ipmr_base.c:382\n ipmr_rtm_dumproute+0x248/0x4b4 net/ipv4/ipmr.c:2648\n rtnl_dump_all+0x2e4/0x4e8 net/core/rtnetlink.c:4327\n rtnl_dumpit+0x98/0x1d0 net/core/rtnetlink.c:6791\n netlink_dump+0x4f0/0xbc0 net/netlink/af_netlink.c:2317\n netlink_recvmsg+0x56c/0xe64 net/netlink/af_netlink.c:1973\n sock_recvmsg_nosec net/socket.c:1033 [inline]\n sock_recvmsg net/socket.c:1055 [inline]\n sock_read_iter+0x2d8/0x40c net/socket.c:1125\n new_sync_read fs/read_write.c:484 [inline]\n vfs_read+0x740/0x970 fs/read_write.c:565\n ksys_read+0x15c/0x26c fs/read_write.c:708",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21719",
"url": "https://www.suse.com/security/cve/CVE-2025-21719"
},
{
"category": "external",
"summary": "SUSE Bug 1238860 for CVE-2025-21719",
"url": "https://bugzilla.suse.com/1238860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21723"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n \u003cTASK\u003e\n mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n mpi3mr_remove+0x6f/0x340 [mpi3mr]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x19d/0x220\n unbind_store+0xa4/0xb0\n kernfs_fop_write_iter+0x11f/0x200\n vfs_write+0x1fc/0x3e0\n ksys_write+0x67/0xe0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x78/0xe2",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21723",
"url": "https://www.suse.com/security/cve/CVE-2025-21723"
},
{
"category": "external",
"summary": "SUSE Bug 1238864 for CVE-2025-21723",
"url": "https://bugzilla.suse.com/1238864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap-\u003emapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand\u0027s type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21724",
"url": "https://www.suse.com/security/cve/CVE-2025-21724"
},
{
"category": "external",
"summary": "SUSE Bug 1238863 for CVE-2025-21724",
"url": "https://bugzilla.suse.com/1238863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix oops due to unset link speed\n\nIt isn\u0027t guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will always\nbe set by the server, so the client must handle any values and then\nprevent oopses like below from happening:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 1323 Comm: cat Not tainted 6.13.0-rc7 #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nRIP: 0010:cifs_debug_data_proc_show+0xa45/0x1460 [cifs] Code: 00 00 48\n89 df e8 3b cd 1b c1 41 f6 44 24 2c 04 0f 84 50 01 00 00 48 89 ef e8\ne7 d0 1b c1 49 8b 44 24 18 31 d2 49 8d 7c 24 28 \u003c48\u003e f7 74 24 18 48 89\nc3 e8 6e cf 1b c1 41 8b 6c 24 28 49 8d 7c 24\nRSP: 0018:ffffc90001817be0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811230022c RCX: ffffffffc041bd99\nRDX: 0000000000000000 RSI: 0000000000000567 RDI: ffff888112300228\nRBP: ffff888112300218 R08: fffff52000302f5f R09: ffffed1022fa58ac\nR10: ffff888117d2c566 R11: 00000000fffffffe R12: ffff888112300200\nR13: 000000012a15343f R14: 0000000000000001 R15: ffff888113f2db58\nFS: 00007fe27119e740(0000) GS:ffff888148600000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe2633c5000 CR3: 0000000124da0000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0x159/0x1b0\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? do_error_trap+0x90/0x130\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? exc_divide_error+0x39/0x50\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? asm_exc_divide_error+0x1a/0x20\n ? cifs_debug_data_proc_show+0xa39/0x1460 [cifs]\n ? cifs_debug_data_proc_show+0xa45/0x1460 [cifs]\n ? seq_read_iter+0x42e/0x790\n seq_read_iter+0x19a/0x790\n proc_reg_read_iter+0xbe/0x110\n ? __pfx_proc_reg_read_iter+0x10/0x10\n vfs_read+0x469/0x570\n ? do_user_addr_fault+0x398/0x760\n ? __pfx_vfs_read+0x10/0x10\n ? find_held_lock+0x8a/0xa0\n ? __pfx_lock_release+0x10/0x10\n ksys_read+0xd3/0x170\n ? __pfx_ksys_read+0x10/0x10\n ? __rcu_read_unlock+0x50/0x270\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe271288911\nCode: 00 48 8b 15 01 25 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8\n20 ad 01 00 f3 0f 1e fa 80 3d b5 a7 10 00 00 74 13 31 c0 0f 05 \u003c48\u003e 3d\n00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec\nRSP: 002b:00007ffe87c079d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\nRAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007fe271288911\nRDX: 0000000000040000 RSI: 00007fe2633c6000 RDI: 0000000000000003\nRBP: 00007ffe87c07a00 R08: 0000000000000000 R09: 00007fe2713e6380\nR10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000\nR13: 00007fe2633c6000 R14: 0000000000000003 R15: 0000000000000000\n \u003c/TASK\u003e\n\nFix this by setting cifs_server_iface::speed to a sane value (1Gbps)\nby default when link speed is unset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21725",
"url": "https://www.suse.com/security/cve/CVE-2025-21725"
},
{
"category": "external",
"summary": "SUSE Bug 1238877 for CVE-2025-21725",
"url": "https://bugzilla.suse.com/1238877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: avoid UAF for reorder_work\n\nAlthough the previous patch can avoid ps and ps UAF for _do_serial, it\ncan not avoid potential UAF issue for reorder_work. This issue can\nhappen just as below:\n\ncrypto_request\t\t\tcrypto_request\t\tcrypto_del_alg\npadata_do_serial\n ...\n padata_reorder\n // processes all remaining\n // requests then breaks\n while (1) {\n if (!padata)\n break;\n ...\n }\n\n\t\t\t\tpadata_do_serial\n\t\t\t\t // new request added\n\t\t\t\t list_add\n // sees the new request\n queue_work(reorder_work)\n\t\t\t\t padata_reorder\n\t\t\t\t queue_work_on(squeue-\u003ework)\n...\n\n\t\t\t\t\u003ckworker context\u003e\n\t\t\t\tpadata_serial_worker\n\t\t\t\t// completes new request,\n\t\t\t\t// no more outstanding\n\t\t\t\t// requests\n\n\t\t\t\t\t\t\tcrypto_del_alg\n\t\t\t\t\t\t\t // free pd\n\n\u003ckworker context\u003e\ninvoke_padata_reorder\n // UAF of pd\n\nTo avoid UAF for \u0027reorder_work\u0027, get \u0027pd\u0027 ref before put \u0027reorder_work\u0027\ninto the \u0027serial_wq\u0027 and put \u0027pd\u0027 ref until the \u0027serial_wq\u0027 finish.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21726",
"url": "https://www.suse.com/security/cve/CVE-2025-21726"
},
{
"category": "external",
"summary": "SUSE Bug 1238865 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1238865"
},
{
"category": "external",
"summary": "SUSE Bug 1240837 for CVE-2025-21726",
"url": "https://bugzilla.suse.com/1240837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: fix UAF in padata_reorder\n\nA bug was found when run ltp test:\n\nBUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0\nRead of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206\n\nCPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+\nWorkqueue: pdecrypt_parallel padata_parallel_worker\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x32/0x50\nprint_address_description.constprop.0+0x6b/0x3d0\nprint_report+0xdd/0x2c0\nkasan_report+0xa5/0xd0\npadata_find_next+0x29/0x1a0\npadata_reorder+0x131/0x220\npadata_parallel_worker+0x3d/0xc0\nprocess_one_work+0x2ec/0x5a0\n\nIf \u0027mdelay(10)\u0027 is added before calling \u0027padata_find_next\u0027 in the\n\u0027padata_reorder\u0027 function, this issue could be reproduced easily with\nltp test (pcrypt_aead01).\n\nThis can be explained as bellow:\n\npcrypt_aead_encrypt\n...\npadata_do_parallel\nrefcount_inc(\u0026pd-\u003erefcnt); // add refcnt\n...\npadata_do_serial\npadata_reorder // pd\nwhile (1) {\npadata_find_next(pd, true); // using pd\nqueue_work_on\n...\npadata_serial_worker\t\t\t\tcrypto_del_alg\npadata_put_pd_cnt // sub refcnt\n\t\t\t\t\t\tpadata_free_shell\n\t\t\t\t\t\tpadata_put_pd(ps-\u003epd);\n\t\t\t\t\t\t// pd is freed\n// loop again, but pd is freed\n// call padata_find_next, UAF\n}\n\nIn the padata_reorder function, when it loops in \u0027while\u0027, if the alg is\ndeleted, the refcnt may be decreased to 0 before entering\n\u0027padata_find_next\u0027, which leads to UAF.\n\nAs mentioned in [1], do_serial is supposed to be called with BHs disabled\nand always happen under RCU protection, to address this issue, add\nsynchronize_rcu() in \u0027padata_free_shell\u0027 wait for all _do_serial calls\nto finish.\n\n[1] https://lore.kernel.org/all/20221028160401.cccypv4euxikusiq@parnassus.localdomain/\n[2] https://lore.kernel.org/linux-kernel/jfjz5d7zwbytztackem7ibzalm5lnxldi2eofeiczqmqs2m7o6@fq426cwnjtkm/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21727",
"url": "https://www.suse.com/security/cve/CVE-2025-21727"
},
{
"category": "external",
"summary": "SUSE Bug 1237876 for CVE-2025-21727",
"url": "https://bugzilla.suse.com/1237876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Send signals asynchronously if !preemptible\n\nBPF programs can execute in all kinds of contexts and when a program\nrunning in a non-preemptible context uses the bpf_send_signal() kfunc,\nit will cause issues because this kfunc can sleep.\nChange `irqs_disabled()` to `!preemptible()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21728",
"url": "https://www.suse.com/security/cve/CVE-2025-21728"
},
{
"category": "external",
"summary": "SUSE Bug 1237879 for CVE-2025-21728",
"url": "https://bugzilla.suse.com/1237879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix race between cancel_hw_scan and hw_scan completion\n\nThe rtwdev-\u003escanning flag isn\u0027t protected by mutex originally, so\ncancel_hw_scan can pass the condition, but suddenly hw_scan completion\nunset the flag and calls ieee80211_scan_completed() that will free\nlocal-\u003ehw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and\nuse-after-free. Fix it by moving the check condition to where\nprotected by mutex.\n\n KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]\n CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE\n Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019\n Workqueue: events cfg80211_conn_work [cfg80211]\n RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d\n RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206\n RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001\n RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089\n RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960\n R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x61/0x73\n ? __die_body+0x20/0x73\n ? die_addr+0x4f/0x7b\n ? exc_general_protection+0x191/0x1db\n ? asm_exc_general_protection+0x27/0x30\n ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core]\n ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core]\n ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core]\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx_do_raw_spin_lock+0x10/0x10\n rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core]\n ? _raw_spin_unlock+0xe/0x24\n ? __mutex_lock.constprop.0+0x40c/0x471\n ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core]\n ? __mutex_lock_slowpath+0x13/0x1f\n ? mutex_lock+0xa2/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core]\n rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core]\n ieee80211_scan_cancel+0x468/0x4d0 [mac80211]\n ieee80211_prep_connection+0x858/0x899 [mac80211]\n ieee80211_mgd_auth+0xbea/0xdde [mac80211]\n ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211]\n ? cfg80211_find_elem+0x15/0x29 [cfg80211]\n ? is_bss+0x1b7/0x1d7 [cfg80211]\n ieee80211_auth+0x18/0x27 [mac80211]\n cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211]\n cfg80211_conn_do_work+0x410/0xb81 [cfg80211]\n ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211]\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? __kasan_check_write+0x14/0x22\n ? mutex_lock+0x8e/0xdc\n ? __pfx_mutex_lock+0x10/0x10\n ? __pfx___radix_tree_lookup+0x10/0x10\n cfg80211_conn_work+0x245/0x34d [cfg80211]\n ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211]\n ? update_cfs_rq_load_avg+0x3bc/0x3d7\n ? sched_clock_noinstr+0x9/0x1a\n ? sched_clock+0x10/0x24\n ? sched_clock_cpu+0x7e/0x42e\n ? newidle_balance+0x796/0x937\n ? __pfx_sched_clock_cpu+0x10/0x10\n ? __pfx_newidle_balance+0x10/0x10\n ? __kasan_check_read+0x11/0x1f\n ? psi_group_change+0x8bc/0x944\n ? _raw_spin_unlock+0xe/0x24\n ? raw_spin_rq_unlock+0x47/0x54\n ? raw_spin_rq_unlock_irq+0x9/0x1f\n ? finish_task_switch.isra.0+0x347/0x586\n ? __schedule+0x27bf/0x2892\n ? mutex_unlock+0x80/0xd0\n ? do_raw_spin_lock+0x75/0xdb\n ? __pfx___schedule+0x10/0x10\n process_scheduled_works+0x58c/0x821\n worker_thread+0x4c7/0x586\n ? __kasan_check_read+0x11/0x1f\n kthread+0x285/0x294\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x6f\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21729",
"url": "https://www.suse.com/security/cve/CVE-2025-21729"
},
{
"category": "external",
"summary": "SUSE Bug 1237874 for CVE-2025-21729",
"url": "https://bugzilla.suse.com/1237874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21729"
},
{
"cve": "CVE-2025-21731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: don\u0027t allow reconnect after disconnect\n\nFollowing process can cause nbd_config UAF:\n\n1) grab nbd_config temporarily;\n\n2) nbd_genl_disconnect() flush all recv_work() and release the\ninitial reference:\n\n nbd_genl_disconnect\n nbd_disconnect_and_put\n nbd_disconnect\n flush_workqueue(nbd-\u003erecv_workq)\n if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF, ...))\n nbd_config_put\n -\u003e due to step 1), reference is still not zero\n\n3) nbd_genl_reconfigure() queue recv_work() again;\n\n nbd_genl_reconfigure\n config = nbd_get_config_unlocked(nbd)\n if (!config)\n -\u003e succeed\n if (!test_bit(NBD_RT_BOUND, ...))\n -\u003e succeed\n nbd_reconnect_socket\n queue_work(nbd-\u003erecv_workq, \u0026args-\u003ework)\n\n4) step 1) release the reference;\n\n5) Finially, recv_work() will trigger UAF:\n\n recv_work\n nbd_config_put(nbd)\n -\u003e nbd_config is freed\n atomic_dec(\u0026config-\u003erecv_threads)\n -\u003e UAF\n\nFix the problem by clearing NBD_RT_BOUND in nbd_genl_disconnect(), so\nthat nbd_genl_reconfigure() will fail.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21731",
"url": "https://www.suse.com/security/cve/CVE-2025-21731"
},
{
"category": "external",
"summary": "SUSE Bug 1237881 for CVE-2025-21731",
"url": "https://bugzilla.suse.com/1237881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware\u0027s perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope. Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n [..]\n Call Trace:\n \u003cTASK\u003e\n mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n __mmu_notifier_invalidate_range_start+0x1e1/0x240\n zap_page_range_single+0xf1/0x1a0\n madvise_vma_behavior+0x677/0x6e0\n do_madvise+0x1a2/0x4b0\n __x64_sys_madvise+0x25/0x30\n do_syscall_64+0x6b/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21732",
"url": "https://www.suse.com/security/cve/CVE-2025-21732"
},
{
"category": "external",
"summary": "SUSE Bug 1237877 for CVE-2025-21732",
"url": "https://bugzilla.suse.com/1237877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/osnoise: Fix resetting of tracepoints\n\nIf a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD\ndisabled, but then that option is enabled and timerlat is removed, the\ntracepoints that were enabled on timerlat registration do not get\ndisabled. If the option is disabled again and timelat is started, then it\ntriggers a warning in the tracepoint code due to registering the\ntracepoint again without ever disabling it.\n\nDo not use the same user space defined options to know to disable the\ntracepoints when timerlat is removed. Instead, set a global flag when it\nis enabled and use that flag to know to disable the events.\n\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n ~# echo OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo nop \u003e /sys/kernel/tracing/current_tracer\n ~# echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/tracing/osnoise/options\n ~# echo timerlat \u003e /sys/kernel/tracing/current_tracer\n\nTriggers:\n\n ------------[ cut here ]------------\n WARNING: CPU: 6 PID: 1337 at kernel/tracepoint.c:294 tracepoint_add_func+0x3b6/0x3f0\n Modules linked in:\n CPU: 6 UID: 0 PID: 1337 Comm: rtla Not tainted 6.13.0-rc4-test-00018-ga867c441128e-dirty #73\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n RIP: 0010:tracepoint_add_func+0x3b6/0x3f0\n Code: 48 8b 53 28 48 8b 73 20 4c 89 04 24 e8 23 59 11 00 4c 8b 04 24 e9 36 fe ff ff 0f 0b b8 ea ff ff ff 45 84 e4 0f 84 68 fe ff ff \u003c0f\u003e 0b e9 61 fe ff ff 48 8b 7b 18 48 85 ff 0f 84 4f ff ff ff 49 8b\n RSP: 0018:ffffb9b003a87ca0 EFLAGS: 00010202\n RAX: 00000000ffffffef RBX: ffffffff92f30860 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9bf59e91ccd0 RDI: ffffffff913b6410\n RBP: 000000000000000a R08: 00000000000005c7 R09: 0000000000000002\n R10: ffffb9b003a87ce0 R11: 0000000000000002 R12: 0000000000000001\n R13: ffffb9b003a87ce0 R14: ffffffffffffffef R15: 0000000000000008\n FS: 00007fce81209240(0000) GS:ffff9bf6fdd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055e99b728000 CR3: 00000001277c0002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __warn.cold+0xb7/0x14d\n ? tracepoint_add_func+0x3b6/0x3f0\n ? report_bug+0xea/0x170\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? tracepoint_add_func+0x3b6/0x3f0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n tracepoint_probe_register+0x78/0xb0\n ? __pfx_trace_sched_migrate_callback+0x10/0x10\n osnoise_workload_start+0x2b5/0x370\n timerlat_tracer_init+0x76/0x1b0\n tracing_set_tracer+0x244/0x400\n tracing_set_trace_write+0xa0/0xe0\n vfs_write+0xfc/0x570\n ? do_sys_openat2+0x9c/0xe0\n ksys_write+0x72/0xf0\n do_syscall_64+0x79/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21733",
"url": "https://www.suse.com/security/cve/CVE-2025-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1238494 for CVE-2025-21733",
"url": "https://bugzilla.suse.com/1238494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21734",
"url": "https://www.suse.com/security/cve/CVE-2025-21734"
},
{
"category": "external",
"summary": "SUSE Bug 1238734 for CVE-2025-21734",
"url": "https://bugzilla.suse.com/1238734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: Add bounds checking in nci_hci_create_pipe()\n\nThe \"pipe\" variable is a u8 which comes from the network. If it\u0027s more\nthan 127, then it results in memory corruption in the caller,\nnci_hci_connect_gate().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21735",
"url": "https://www.suse.com/security/cve/CVE-2025-21735"
},
{
"category": "external",
"summary": "SUSE Bug 1238497 for CVE-2025-21735",
"url": "https://bugzilla.suse.com/1238497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix possible int overflows in nilfs_fiemap()\n\nSince nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result\nby being prepared to go through potentially maxblocks == INT_MAX blocks,\nthe value in n may experience an overflow caused by left shift of blkbits.\n\nWhile it is extremely unlikely to occur, play it safe and cast right hand\nexpression to wider type to mitigate the issue.\n\nFound by Linux Verification Center (linuxtesting.org) with static analysis\ntool SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21736",
"url": "https://www.suse.com/security/cve/CVE-2025-21736"
},
{
"category": "external",
"summary": "SUSE Bug 1238715 for CVE-2025-21736",
"url": "https://bugzilla.suse.com/1238715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21738",
"url": "https://www.suse.com/security/cve/CVE-2025-21738"
},
{
"category": "external",
"summary": "SUSE Bug 1238917 for CVE-2025-21738",
"url": "https://bugzilla.suse.com/1238917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba\u0027s\ndata structure \u0027struct ufs_hba::crypto_profile\u0027. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released \u0027struct ufs_hba::crypto_profile\u0027. This causes a\nuse-after-free situation:\n\n Call trace:\n kfree+0x60/0x2d8 (P)\n kvfree+0x44/0x60\n blk_crypto_profile_destroy_callback+0x28/0x70\n devm_action_release+0x1c/0x30\n release_nodes+0x6c/0x108\n devres_release_all+0x98/0x100\n device_unbind_cleanup+0x20/0x70\n really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n platform-device probe\n ufshcd_pltfrm_init()\n ufshcd_alloc_host()\n scsi_host_alloc()\n allocation of struct ufs_hba\n creation of scsi-host devices\n devm_blk_crypto_profile_init()\n devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n ufshcd_dealloc_host()\n scsi_host_put()\n put_device(scsi-host)\n release of struct ufs_hba\n put_device(platform-device)\n crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). This way:\n\n * the crypto profile and all other ufs_hba-owned resources are\n destroyed before SCSI (as they\u0027ve been registered after)\n * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n side-effect\n * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n it\u0027s not needed anymore\n * no future drivers using ufshcd_alloc_host() could ever forget\n adding the cleanup",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21739",
"url": "https://www.suse.com/security/cve/CVE-2025-21739"
},
{
"category": "external",
"summary": "SUSE Bug 1238506 for CVE-2025-21739",
"url": "https://bugzilla.suse.com/1238506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix DPE OoB read\n\nFix an out-of-bounds DPE read, limit the number of processed DPEs to\nthe amount that fits into the fixed-size NDP16 header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21741",
"url": "https://www.suse.com/security/cve/CVE-2025-21741"
},
{
"category": "external",
"summary": "SUSE Bug 1238767 for CVE-2025-21741",
"url": "https://bugzilla.suse.com/1238767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: use static NDP16 location in URB\n\nOriginal code allowed for the start of NDP16 to be anywhere within the\nURB based on the `wNdpIndex` value in NTH16. Only the start position of\nNDP16 was checked, so it was possible for even the fixed-length part\nof NDP16 to extend past the end of URB, leading to an out-of-bounds\nread.\n\nOn iOS devices, the NDP16 header always directly follows NTH16. Rely on\nand check for this specific format.\n\nThis, along with NCM-specific minimal URB length check that already\nexists, will ensure that the fixed-length part of NDP16 plus a set\namount of DPEs fit within the URB.\n\nNote that this commit alone does not fully address the OoB read.\nThe limit on the amount of DPEs needs to be enforced separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21742",
"url": "https://www.suse.com/security/cve/CVE-2025-21742"
},
{
"category": "external",
"summary": "SUSE Bug 1238771 for CVE-2025-21742",
"url": "https://bugzilla.suse.com/1238771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: fix possible overflow in DPE length check\n\nOriginally, it was possible for the DPE length check to overflow if\nwDatagramIndex + wDatagramLength \u003e U16_MAX. This could lead to an OoB\nread.\n\nMove the wDatagramIndex term to the other side of the inequality.\n\nAn existing condition ensures that wDatagramIndex \u003c urb-\u003eactual_length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21743",
"url": "https://www.suse.com/security/cve/CVE-2025-21743"
},
{
"category": "external",
"summary": "SUSE Bug 1238781 for CVE-2025-21743",
"url": "https://bugzilla.suse.com/1238781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()\n\nOn removal of the device or unloading of the kernel module a potential NULL\npointer dereference occurs.\n\nThe following sequence deletes the interface:\n\n brcmf_detach()\n brcmf_remove_interface()\n brcmf_del_if()\n\nInside the brcmf_del_if() function the drvr-\u003eif2bss[ifidx] is updated to\nBRCMF_BSSIDX_INVALID (-1) if the bsscfgidx matches.\n\nAfter brcmf_remove_interface() call the brcmf_proto_detach() function is\ncalled providing the following sequence:\n\n brcmf_detach()\n brcmf_proto_detach()\n brcmf_proto_msgbuf_detach()\n brcmf_flowring_detach()\n brcmf_msgbuf_delete_flowring()\n brcmf_msgbuf_remove_flowring()\n brcmf_flowring_delete()\n brcmf_get_ifp()\n brcmf_txfinalize()\n\nSince brcmf_get_ip() can and actually will return NULL in this case the\ncall to brcmf_txfinalize() will result in a NULL pointer dereference inside\nbrcmf_txfinalize() when trying to update ifp-\u003endev-\u003estats.tx_errors.\n\nThis will only happen if a flowring still has an skb.\n\nAlthough the NULL pointer dereference has only been seen when trying to\nupdate the tx statistic, all other uses of the ifp pointer have been\nguarded as well with an early return if ifp is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21744",
"url": "https://www.suse.com/security/cve/CVE-2025-21744"
},
{
"category": "external",
"summary": "SUSE Bug 1238903 for CVE-2025-21744",
"url": "https://bugzilla.suse.com/1238903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix class @block_class\u0027s subsystem refcount leakage\n\nblkcg_fill_root_iostats() iterates over @block_class\u0027s devices by\nclass_dev_iter_(init|next)(), but does not end iterating with\nclass_dev_iter_exit(), so causes the class\u0027s subsystem refcount leakage.\n\nFix by ending the iterating with class_dev_iter_exit().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21745",
"url": "https://www.suse.com/security/cve/CVE-2025-21745"
},
{
"category": "external",
"summary": "SUSE Bug 1238785 for CVE-2025-21745",
"url": "https://bugzilla.suse.com/1238785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: lock the socket in rose_bind()\n\nsyzbot reported a soft lockup in rose_loopback_timer(),\nwith a repro calling bind() from multiple threads.\n\nrose_bind() must lock the socket to avoid this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21749",
"url": "https://www.suse.com/security/cve/CVE-2025-21749"
},
{
"category": "external",
"summary": "SUSE Bug 1238904 for CVE-2025-21749",
"url": "https://bugzilla.suse.com/1238904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "low"
}
],
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn\u0027t exist and \u0027tmp\u0027 remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21750",
"url": "https://www.suse.com/security/cve/CVE-2025-21750"
},
{
"category": "external",
"summary": "SUSE Bug 1238905 for CVE-2025-21750",
"url": "https://bugzilla.suse.com/1238905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free when attempting to join an aborted transaction\n\nWhen we are trying to join the current transaction and if it\u0027s aborted,\nwe read its \u0027aborted\u0027 field after unlocking fs_info-\u003etrans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its \u0027aborted\u0027 field, leading to a use-after-free.\n\nFix this by reading the \u0027aborted\u0027 field while holding fs_info-\u003etrans_lock\nsince any freeing task must first acquire that lock and set\nfs_info-\u003erunning_transaction to NULL before freeing the transaction.\n\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\n\n CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Workqueue: events_unbound btrfs_async_reclaim_data_space\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\n btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\n worker_thread+0x870/0xd30 kernel/workqueue.c:3398\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\n Allocated by task 5315:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\n start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\n btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\n lookup_open fs/namei.c:3649 [inline]\n open_last_lookups fs/namei.c:3748 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3984\n do_filp_open+0x27f/0x4e0 fs/namei.c:4014\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1402\n do_sys_open fs/open.c:1417 [inline]\n __do_sys_creat fs/open.c:1495 [inline]\n __se_sys_creat fs/open.c:1489 [inline]\n __x64_sys_creat+0x123/0x170 fs/open.c:1489\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 5336:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n cleanup_transaction fs/btrfs/transaction.c:2063 [inline]\n btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\n insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\n btrfs_balance+0x992/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21753",
"url": "https://www.suse.com/security/cve/CVE-2025-21753"
},
{
"category": "external",
"summary": "SUSE Bug 1237875 for CVE-2025-21753",
"url": "https://bugzilla.suse.com/1237875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion failure when splitting ordered extent after transaction abort\n\nIf while we are doing a direct IO write a transaction abort happens, we\nmark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done\nat btrfs_destroy_ordered_extents()), and then after that if we enter\nbtrfs_split_ordered_extent() and the ordered extent has bytes left\n(meaning we have a bio that doesn\u0027t cover the whole ordered extent, see\ndetails at btrfs_extract_ordered_extent()), we will fail on the following\nassertion at btrfs_split_ordered_extent():\n\n ASSERT(!(flags \u0026 ~BTRFS_ORDERED_TYPE_FLAGS));\n\nbecause the BTRFS_ORDERED_IOERR flag is set and the definition of\nBTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the\ntype of write (regular, nocow, prealloc, compressed, direct IO, encoded).\n\nFix this by returning an error from btrfs_extract_ordered_extent() if we\nfind the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will\nbe the error that resulted in the transaction abort or -EIO if no\ntransaction abort happened.\n\nThis was recently reported by syzbot with the following trace:\n\n FAULT_INJECTION: forcing a failure.\n name failslab, interval 1, probability 0, space 0, times 1\n CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n fail_dump lib/fault-inject.c:53 [inline]\n should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154\n should_failslab+0xac/0x100 mm/failslab.c:46\n slab_pre_alloc_hook mm/slub.c:4072 [inline]\n slab_alloc_node mm/slub.c:4148 [inline]\n __do_kmalloc_node mm/slub.c:4297 [inline]\n __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742\n reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292\n check_system_chunk fs/btrfs/block-group.c:4319 [inline]\n do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]\n btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187\n find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]\n find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579\n btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672\n btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]\n btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321\n btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525\n iomap_iter+0x697/0xf60 fs/iomap/iter.c:90\n __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702\n btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]\n btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880\n btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397\n do_iter_readv_writev+0x600/0x880\n vfs_writev+0x376/0xba0 fs/read_write.c:1050\n do_pwritev fs/read_write.c:1146 [inline]\n __do_sys_pwritev2 fs/read_write.c:1204 [inline]\n __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f1281f85d29\n RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148\n RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29\n RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005\n RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003\n R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002\n R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328\n \u003c/TASK\u003e\n BTRFS error (device loop0 state A): Transaction aborted (error -12)\n BTRFS: error (device loop0 state A\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21754",
"url": "https://www.suse.com/security/cve/CVE-2025-21754"
},
{
"category": "external",
"summary": "SUSE Bug 1238496 for CVE-2025-21754",
"url": "https://bugzilla.suse.com/1238496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21755"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21755",
"url": "https://www.suse.com/security/cve/CVE-2025-21755"
},
{
"category": "external",
"summary": "SUSE Bug 1237882 for CVE-2025-21755",
"url": "https://bugzilla.suse.com/1237882"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21755"
},
{
"cve": "CVE-2025-21756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Keep the binding until socket destruction\n\nPreserve sockets bindings; this includes both resulting from an explicit\nbind() and those implicitly bound through autobind during connect().\n\nPrevents socket unbinding during a transport reassignment, which fixes a\nuse-after-free:\n\n 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)\n 2. transport-\u003erelease() calls vsock_remove_bound() without checking if\n sk was bound and moved to bound list (refcnt=1)\n 3. vsock_bind() assumes sk is in unbound list and before\n __vsock_insert_bound(vsock_bound_sockets()) calls\n __vsock_remove_bound() which does:\n list_del_init(\u0026vsk-\u003ebound_table); // nop\n sock_put(\u0026vsk-\u003esk); // refcnt=0\n\nBUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730\nRead of size 4 at addr ffff88816b46a74c by task a.out/2057\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n __vsock_bind+0x62e/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n __vsock_create.constprop.0+0x2e/0xb60\n vsock_create+0xe4/0x420\n __sock_create+0x241/0x650\n __sys_socket+0xf2/0x1a0\n __x64_sys_socket+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2057:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n __vsock_bind+0x5e1/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150\nRIP: 0010:refcount_warn_saturate+0xce/0x150\n __vsock_bind+0x66d/0x730\n vsock_bind+0x97/0xe0\n __sys_bind+0x154/0x1f0\n __x64_sys_bind+0x6e/0xb0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150\nRIP: 0010:refcount_warn_saturate+0xee/0x150\n vsock_remove_bound+0x187/0x1e0\n __vsock_release+0x383/0x4a0\n vsock_release+0x90/0x120\n __sock_release+0xa3/0x250\n sock_close+0x14/0x20\n __fput+0x359/0xa80\n task_work_run+0x107/0x1d0\n do_exit+0x847/0x2560\n do_group_exit+0xb8/0x250\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0xfec/0x14f0\n do_syscall_64+0x93/0x1b0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21756",
"url": "https://www.suse.com/security/cve/CVE-2025-21756"
},
{
"category": "external",
"summary": "SUSE Bug 1238876 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1238876"
},
{
"category": "external",
"summary": "SUSE Bug 1245795 for CVE-2025-21756",
"url": "https://bugzilla.suse.com/1245795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21759",
"url": "https://www.suse.com/security/cve/CVE-2025-21759"
},
{
"category": "external",
"summary": "SUSE Bug 1238738 for CVE-2025-21759",
"url": "https://bugzilla.suse.com/1238738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: extend RCU protection in ndisc_send_skb()\n\nndisc_send_skb() can be called without RTNL or RCU held.\n\nAcquire rcu_read_lock() earlier, so that we can use dev_net_rcu()\nand avoid a potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21760",
"url": "https://www.suse.com/security/cve/CVE-2025-21760"
},
{
"category": "external",
"summary": "SUSE Bug 1238763 for CVE-2025-21760",
"url": "https://bugzilla.suse.com/1238763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: use RCU protection in ovs_vport_cmd_fill_info()\n\novs_vport_cmd_fill_info() can be called without RTNL or RCU.\n\nUse RCU protection and dev_net_rcu() to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21761",
"url": "https://www.suse.com/security/cve/CVE-2025-21761"
},
{
"category": "external",
"summary": "SUSE Bug 1238775 for CVE-2025-21761",
"url": "https://bugzilla.suse.com/1238775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: use RCU protection in arp_xmit()\n\narp_xmit() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21762",
"url": "https://www.suse.com/security/cve/CVE-2025-21762"
},
{
"category": "external",
"summary": "SUSE Bug 1238780 for CVE-2025-21762",
"url": "https://bugzilla.suse.com/1238780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: use RCU protection in __neigh_notify()\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21763",
"url": "https://www.suse.com/security/cve/CVE-2025-21763"
},
{
"category": "external",
"summary": "SUSE Bug 1237897 for CVE-2025-21763",
"url": "https://bugzilla.suse.com/1237897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nndisc: use RCU protection in ndisc_alloc_skb()\n\nndisc_alloc_skb() can be called without RTNL or RCU being held.\n\nAdd RCU protection to avoid possible UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21764",
"url": "https://www.suse.com/security/cve/CVE-2025-21764"
},
{
"category": "external",
"summary": "SUSE Bug 1237885 for CVE-2025-21764",
"url": "https://bugzilla.suse.com/1237885"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU protection in ip6_default_advmss()\n\nip6_default_advmss() needs rcu protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21765",
"url": "https://www.suse.com/security/cve/CVE-2025-21765"
},
{
"category": "external",
"summary": "SUSE Bug 1237906 for CVE-2025-21765",
"url": "https://bugzilla.suse.com/1237906"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: use RCU protection in __ip_rt_update_pmtu()\n\n__ip_rt_update_pmtu() must use RCU protection to make\nsure the net structure it reads does not disappear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21766",
"url": "https://www.suse.com/security/cve/CVE-2025-21766"
},
{
"category": "external",
"summary": "SUSE Bug 1238754 for CVE-2025-21766",
"url": "https://bugzilla.suse.com/1238754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21767"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context\n\nThe following bug report happened with a PREEMPT_RT kernel:\n\n BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2012, name: kwatchdog\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n get_random_u32+0x4f/0x110\n clocksource_verify_choose_cpus+0xab/0x1a0\n clocksource_verify_percpu.part.0+0x6b/0x330\n clocksource_watchdog_kthread+0x193/0x1a0\n\nIt is due to the fact that clocksource_verify_choose_cpus() is invoked with\npreemption disabled. This function invokes get_random_u32() to obtain\nrandom numbers for choosing CPUs. The batched_entropy_32 local lock and/or\nthe base_crng.lock spinlock in driver/char/random.c will be acquired during\nthe call. In PREEMPT_RT kernel, they are both sleeping locks and so cannot\nbe acquired in atomic context.\n\nFix this problem by using migrate_disable() to allow smp_processor_id() to\nbe reliably used without introducing atomic context. preempt_disable() is\nthen called after clocksource_verify_choose_cpus() but before the\nclocksource measurement is being run to avoid introducing unexpected\nlatency.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21767",
"url": "https://www.suse.com/security/cve/CVE-2025-21767"
},
{
"category": "external",
"summary": "SUSE Bug 1238509 for CVE-2025-21767",
"url": "https://bugzilla.suse.com/1238509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npartitions: mac: fix handling of bogus partition table\n\nFix several issues in partition probing:\n\n - The bailout for a bad partoffset must use put_dev_sector(), since the\n preceding read_part_sector() succeeded.\n - If the partition table claims a silly sector size like 0xfff bytes\n (which results in partition table entries straddling sector boundaries),\n bail out instead of accessing out-of-bounds memory.\n - We must not assume that the partition table contains proper NUL\n termination - use strnlen() and strncmp() instead of strlen() and\n strcmp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21772",
"url": "https://www.suse.com/security/cve/CVE-2025-21772"
},
{
"category": "external",
"summary": "SUSE Bug 1238911 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238911"
},
{
"category": "external",
"summary": "SUSE Bug 1238912 for CVE-2025-21772",
"url": "https://bugzilla.suse.com/1238912"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21773"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: fix potential NULL pointer dereference on udev-\u003eserial\n\nThe driver assumed that es58x_dev-\u003eudev-\u003eserial could never be NULL.\nWhile this is true on commercially available devices, an attacker\ncould spoof the device identity providing a NULL USB serial number.\nThat would trigger a NULL pointer dereference.\n\nAdd a check on es58x_dev-\u003eudev-\u003eserial before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21773",
"url": "https://www.suse.com/security/cve/CVE-2025-21773"
},
{
"category": "external",
"summary": "SUSE Bug 1238762 for CVE-2025-21773",
"url": "https://bugzilla.suse.com/1238762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21775"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ctucanfd: handle skb allocation failure\n\nIf skb allocation fails, the pointer to struct can_frame is NULL. This\nis actually handled everywhere inside ctucan_err_interrupt() except for\nthe only place.\n\nAdd the missed NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21775",
"url": "https://www.suse.com/security/cve/CVE-2025-21775"
},
{
"category": "external",
"summary": "SUSE Bug 1238501 for CVE-2025-21775",
"url": "https://bugzilla.suse.com/1238501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21776"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: hub: Ignore non-compliant devices with too many configs or interfaces\n\nRobert Morris created a test program which can cause\nusb_hub_to_struct_hub() to dereference a NULL or inappropriate\npointer:\n\nOops: general protection fault, probably for non-canonical address\n0xcccccccccccccccc: 0000 [#1] SMP DEBUG_PAGEALLOC PTI\nCPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14\nHardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_hub_adjust_deviceremovable+0x78/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x31/0x80\n ? exc_general_protection+0x1b4/0x3c0\n ? asm_exc_general_protection+0x26/0x30\n ? usb_hub_adjust_deviceremovable+0x78/0x110\n hub_probe+0x7c7/0xab0\n usb_probe_interface+0x14b/0x350\n really_probe+0xd0/0x2d0\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x6e/0x110\n driver_probe_device+0x1a/0x90\n __device_attach_driver+0x7e/0xc0\n bus_for_each_drv+0x7f/0xd0\n __device_attach+0xaa/0x1a0\n bus_probe_device+0x8b/0xa0\n device_add+0x62e/0x810\n usb_set_configuration+0x65d/0x990\n usb_generic_driver_probe+0x4b/0x70\n usb_probe_device+0x36/0xd0\n\nThe cause of this error is that the device has two interfaces, and the\nhub driver binds to interface 1 instead of interface 0, which is where\nusb_hub_to_struct_hub() looks.\n\nWe can prevent the problem from occurring by refusing to accept hub\ndevices that violate the USB spec by having more than one\nconfiguration or interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21776",
"url": "https://www.suse.com/security/cve/CVE-2025-21776"
},
{
"category": "external",
"summary": "SUSE Bug 1238909 for CVE-2025-21776",
"url": "https://bugzilla.suse.com/1238909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21779"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Reject Hyper-V\u0027s SEND_IPI hypercalls if local APIC isn\u0027t in-kernel\n\nAdvertise support for Hyper-V\u0027s SEND_IPI and SEND_IPI_EX hypercalls if and\nonly if the local API is emulated/virtualized by KVM, and explicitly reject\nsaid hypercalls if the local APIC is emulated in userspace, i.e. don\u0027t rely\non userspace to opt-in to KVM_CAP_HYPERV_ENFORCE_CPUID.\n\nRejecting SEND_IPI and SEND_IPI_EX fixes a NULL-pointer dereference if\nHyper-V enlightenments are exposed to the guest without an in-kernel local\nAPIC:\n\n dump_stack+0xbe/0xfd\n __kasan_report.cold+0x34/0x84\n kasan_report+0x3a/0x50\n __apic_accept_irq+0x3a/0x5c0\n kvm_hv_send_ipi.isra.0+0x34e/0x820\n kvm_hv_hypercall+0x8d9/0x9d0\n kvm_emulate_hypercall+0x506/0x7e0\n __vmx_handle_exit+0x283/0xb60\n vmx_handle_exit+0x1d/0xd0\n vcpu_enter_guest+0x16b0/0x24c0\n vcpu_run+0xc0/0x550\n kvm_arch_vcpu_ioctl_run+0x170/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscal1_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nNote, checking the sending vCPU is sufficient, as the per-VM irqchip_mode\ncan\u0027t be modified after vCPUs are created, i.e. if one vCPU has an\nin-kernel local APIC, then all vCPUs have an in-kernel local APIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21779",
"url": "https://www.suse.com/security/cve/CVE-2025-21779"
},
{
"category": "external",
"summary": "SUSE Bug 1238768 for CVE-2025-21779",
"url": "https://bugzilla.suse.com/1238768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21780"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIt malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause buffer overflow attack in function\nsmu_sys_set_pp_table().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21780",
"url": "https://www.suse.com/security/cve/CVE-2025-21780"
},
{
"category": "external",
"summary": "SUSE Bug 1239115 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239115"
},
{
"category": "external",
"summary": "SUSE Bug 1239116 for CVE-2025-21780",
"url": "https://bugzilla.suse.com/1239116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21781"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix panic during interface removal\n\nReference counting is used to ensure that\nbatadv_hardif_neigh_node and batadv_hard_iface\nare not freed before/during\nbatadv_v_elp_throughput_metric_update work is\nfinished.\n\nBut there isn\u0027t a guarantee that the hard if will\nremain associated with a soft interface up until\nthe work is finished.\n\nThis fixes a crash triggered by reboot that looks\nlike this:\n\nCall trace:\n batadv_v_mesh_free+0xd0/0x4dc [batman_adv]\n batadv_v_elp_throughput_metric_update+0x1c/0xa4\n process_one_work+0x178/0x398\n worker_thread+0x2e8/0x4d0\n kthread+0xd8/0xdc\n ret_from_fork+0x10/0x20\n\n(the batadv_v_mesh_free call is misleading,\nand does not actually happen)\n\nI was able to make the issue happen more reliably\nby changing hardif_neigh-\u003ebat_v.metric_work work\nto be delayed work. This allowed me to track down\nand confirm the fix.\n\n[sven@narfation.org: prevent entering batadv_v_elp_get_throughput without\n soft_iface]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21781",
"url": "https://www.suse.com/security/cve/CVE-2025-21781"
},
{
"category": "external",
"summary": "SUSE Bug 1238735 for CVE-2025-21781",
"url": "https://bugzilla.suse.com/1238735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21782"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix a oob in orangefs_debug_write\n\nI got a syzbot report: slab-out-of-bounds Read in\norangefs_debug_write... several people suggested fixes,\nI tested Al Viro\u0027s suggestion and made this patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21782",
"url": "https://www.suse.com/security/cve/CVE-2025-21782"
},
{
"category": "external",
"summary": "SUSE Bug 1239117 for CVE-2025-21782",
"url": "https://bugzilla.suse.com/1239117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21784"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()\n\nIn function psp_init_cap_microcode(), it should bail out when failed to\nload firmware, otherwise it may cause invalid memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21784",
"url": "https://www.suse.com/security/cve/CVE-2025-21784"
},
{
"category": "external",
"summary": "SUSE Bug 1238510 for CVE-2025-21784",
"url": "https://bugzilla.suse.com/1238510"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21785",
"url": "https://www.suse.com/security/cve/CVE-2025-21785"
},
{
"category": "external",
"summary": "SUSE Bug 1238747 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1238747"
},
{
"category": "external",
"summary": "SUSE Bug 1240745 for CVE-2025-21785",
"url": "https://bugzilla.suse.com/1240745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: check vxlan_vnigroup_init() return value\n\nvxlan_init() must check vxlan_vnigroup_init() success\notherwise a crash happens later, spotted by syzbot.\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]\nCPU: 0 UID: 0 PID: 7313 Comm: syz-executor147 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:vxlan_vnigroup_uninit+0x89/0x500 drivers/net/vxlan/vxlan_vnifilter.c:912\nCode: 00 48 8b 44 24 08 4c 8b b0 98 41 00 00 49 8d 86 60 01 00 00 48 89 c2 48 89 44 24 10 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4d 04 00 00 49 8b 86 60 01 00 00 48 ba 00 00 00\nRSP: 0018:ffffc9000cc1eea8 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff8672effb\nRDX: 000000000000002c RSI: ffffffff8672ecb9 RDI: ffff8880461b4f18\nRBP: ffff8880461b4ef4 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000020000\nR13: ffff8880461b0d80 R14: 0000000000000000 R15: dffffc0000000000\nFS: 00007fecfa95d6c0(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fecfa95cfb8 CR3: 000000004472c000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n vxlan_uninit+0x1ab/0x200 drivers/net/vxlan/vxlan_core.c:2942\n unregister_netdevice_many_notify+0x12d6/0x1f30 net/core/dev.c:11824\n unregister_netdevice_many net/core/dev.c:11866 [inline]\n unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11736\n register_netdevice+0x1829/0x1eb0 net/core/dev.c:10901\n __vxlan_dev_create+0x7c6/0xa30 drivers/net/vxlan/vxlan_core.c:3981\n vxlan_newlink+0xd1/0x130 drivers/net/vxlan/vxlan_core.c:4407\n rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21790",
"url": "https://www.suse.com/security/cve/CVE-2025-21790"
},
{
"category": "external",
"summary": "SUSE Bug 1238753 for CVE-2025-21790",
"url": "https://bugzilla.suse.com/1238753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21791"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: use RCU protection in l3mdev_l3_out()\n\nl3mdev_l3_out() can be called without RCU being held:\n\nraw_sendmsg()\n ip_push_pending_frames()\n ip_send_skb()\n ip_local_out()\n __ip_local_out()\n l3mdev_ip_out()\n\nAdd rcu_read_lock() / rcu_read_unlock() pair to avoid\na potential UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21791",
"url": "https://www.suse.com/security/cve/CVE-2025-21791"
},
{
"category": "external",
"summary": "SUSE Bug 1238512 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1238512"
},
{
"category": "external",
"summary": "SUSE Bug 1240744 for CVE-2025-21791",
"url": "https://bugzilla.suse.com/1240744"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21793"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sn-f-ospi: Fix division by zero\n\nWhen there is no dummy cycle in the spi-nor commands, both dummy bus cycle\nbytes and width are zero. Because of the cpu\u0027s warning when divided by\nzero, the warning should be avoided. Return just zero to avoid such\ncalculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21793",
"url": "https://www.suse.com/security/cve/CVE-2025-21793"
},
{
"category": "external",
"summary": "SUSE Bug 1238500 for CVE-2025-21793",
"url": "https://bugzilla.suse.com/1238500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()\n\nSyzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from\nhid-thrustmaster driver. This array is passed to usb_check_int_endpoints\nfunction from usb.c core driver, which executes a for loop that iterates\nover the elements of the passed array. Not finding a null element at the end of\nthe array, it tries to read the next, non-existent element, crashing the kernel.\n\nTo fix this, a 0 element was added at the end of the array to break the for\nloop.\n\n[1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21794",
"url": "https://www.suse.com/security/cve/CVE-2025-21794"
},
{
"category": "external",
"summary": "SUSE Bug 1238502 for CVE-2025-21794",
"url": "https://bugzilla.suse.com/1238502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21795"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix hang in nfsd4_shutdown_callback\n\nIf nfs4_client is in courtesy state then there is no point to send\nthe callback. This causes nfsd4_shutdown_callback to hang since\ncl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP\nnotifies NFSD that the connection was dropped.\n\nThis patch modifies nfsd4_run_cb_work to skip the RPC call if\nnfs4_client is in courtesy state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21795",
"url": "https://www.suse.com/security/cve/CVE-2025-21795"
},
{
"category": "external",
"summary": "SUSE Bug 1238759 for CVE-2025-21795",
"url": "https://bugzilla.suse.com/1238759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21796"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: clear acl_access/acl_default after releasing them\n\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff \u003c0f\u003e 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xb5/0x170\n ? __warn+0xa5/0x140\n ? refcount_warn_saturate+0xb5/0x170\n ? report_bug+0x1b1/0x1e0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x17/0x40\n ? asm_exc_invalid_op+0x1a/0x20\n ? tick_nohz_tick_stopped+0x1e/0x40\n ? refcount_warn_saturate+0xb5/0x170\n ? refcount_warn_saturate+0xb5/0x170\n nfs3svc_release_getacl+0xc9/0xe0\n svc_process_common+0x5db/0xb60\n ? __pfx_svc_process_common+0x10/0x10\n ? __rcu_read_unlock+0x69/0xa0\n ? __pfx_nfsd_dispatch+0x10/0x10\n ? svc_xprt_received+0xa1/0x120\n ? xdr_init_decode+0x11d/0x190\n svc_process+0x2a7/0x330\n svc_handle_xprt+0x69d/0x940\n svc_recv+0x180/0x2d0\n nfsd+0x168/0x200\n ? __pfx_nfsd+0x10/0x10\n kthread+0x1a2/0x1e0\n ? kthread+0xf4/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\n\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21796",
"url": "https://www.suse.com/security/cve/CVE-2025-21796"
},
{
"category": "external",
"summary": "SUSE Bug 1238716 for CVE-2025-21796",
"url": "https://bugzilla.suse.com/1238716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21799"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()\n\nWhen getting the IRQ we use k3_udma_glue_tx_get_irq() which returns\nnegative error value on error. So not NULL check is not sufficient\nto deteremine if IRQ is valid. Check that IRQ is greater then zero\nto ensure it is valid.\n\nThere is no issue at probe time but at runtime user can invoke\n.set_channels which results in the following call chain.\nam65_cpsw_set_channels()\n am65_cpsw_nuss_update_tx_rx_chns()\n am65_cpsw_nuss_remove_tx_chns()\n am65_cpsw_nuss_init_tx_chns()\n\nAt this point if am65_cpsw_nuss_init_tx_chns() fails due to\nk3_udma_glue_tx_get_irq() then tx_chn-\u003eirq will be set to a\nnegative value.\n\nThen, at subsequent .set_channels with higher channel count we\nwill attempt to free an invalid IRQ in am65_cpsw_nuss_remove_tx_chns()\nleading to a kernel warning.\n\nThe issue is present in the original commit that introduced this driver,\nalthough there, am65_cpsw_nuss_update_tx_rx_chns() existed as\nam65_cpsw_nuss_update_tx_chns().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21799",
"url": "https://www.suse.com/security/cve/CVE-2025-21799"
},
{
"category": "external",
"summary": "SUSE Bug 1238739 for CVE-2025-21799",
"url": "https://bugzilla.suse.com/1238739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21802"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix oops when unload drivers paralleling\n\nWhen unload hclge driver, it tries to disable sriov first for each\nae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver at\nthe time, because it removes all the ae_dev nodes, and it may cause\noops.\n\nBut we can\u0027t simply use hnae3_common_lock for this. Because in the\nprocess flow of pci_disable_sriov(), it will trigger the remove flow\nof VF, which will also take hnae3_common_lock.\n\nTo fixes it, introduce a new mutex to protect the unload process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21802",
"url": "https://www.suse.com/security/cve/CVE-2025-21802"
},
{
"category": "external",
"summary": "SUSE Bug 1238751 for CVE-2025-21802",
"url": "https://bugzilla.suse.com/1238751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21804"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()\n\nThe rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()\nmacro to request a needed resource. A string variable that lives on the\nstack is then used to store a dynamically computed resource name, which\nis then passed on as one of the macro arguments. This can lead to\nundefined behavior.\n\nDepending on the current contents of the memory, the manifestations of\nerrors may vary. One possible output may be as follows:\n\n $ cat /proc/iomem\n 30000000-37ffffff :\n 38000000-3fffffff :\n\nSometimes, garbage may appear after the colon.\n\nIn very rare cases, if no NULL-terminator is found in memory, the system\nmight crash because the string iterator will overrun which can lead to\naccess of unmapped memory above the stack.\n\nThus, fix this by replacing outbound_name with the name of the previously\nrequested resource. With the changes applied, the output will be as\nfollows:\n\n $ cat /proc/iomem\n 30000000-37ffffff : memory2\n 38000000-3fffffff : memory3\n\n[kwilczynski: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21804",
"url": "https://www.suse.com/security/cve/CVE-2025-21804"
},
{
"category": "external",
"summary": "SUSE Bug 1238736 for CVE-2025-21804",
"url": "https://bugzilla.suse.com/1238736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: let net.core.dev_weight always be non-zero\n\nThe following problem was encountered during stability test:\n\n(NULL net_device): NAPI poll function process_backlog+0x0/0x530 \\\n\treturned 1, exceeding its budget of 0.\n------------[ cut here ]------------\nlist_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \\\n\tnext=ffff88905f746e40.\nWARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \\\n\t__list_add_valid_or_report+0xf3/0x130\nCPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+\nRIP: 0010:__list_add_valid_or_report+0xf3/0x130\nCall Trace:\n? __warn+0xcd/0x250\n? __list_add_valid_or_report+0xf3/0x130\nenqueue_to_backlog+0x923/0x1070\nnetif_rx_internal+0x92/0x2b0\n__netif_rx+0x15/0x170\nloopback_xmit+0x2ef/0x450\ndev_hard_start_xmit+0x103/0x490\n__dev_queue_xmit+0xeac/0x1950\nip_finish_output2+0x6cc/0x1620\nip_output+0x161/0x270\nip_push_pending_frames+0x155/0x1a0\nraw_sendmsg+0xe13/0x1550\n__sys_sendto+0x3bf/0x4e0\n__x64_sys_sendto+0xdc/0x1b0\ndo_syscall_64+0x5b/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reproduction command is as follows:\n sysctl -w net.core.dev_weight=0\n ping 127.0.0.1\n\nThis is because when the napi\u0027s weight is set to 0, process_backlog() may\nreturn 0 and clear the NAPI_STATE_SCHED bit of napi-\u003estate, causing this\nnapi to be re-polled in net_rx_action() until __do_softirq() times out.\nSince the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can\nbe retriggered in enqueue_to_backlog(), causing this issue.\n\nMaking the napi\u0027s weight always non-zero solves this problem.\n\nTriggering this issue requires system-wide admin (setting is\nnot namespaced).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21806",
"url": "https://www.suse.com/security/cve/CVE-2025-21806"
},
{
"category": "external",
"summary": "SUSE Bug 1238746 for CVE-2025-21806",
"url": "https://bugzilla.suse.com/1238746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21806"
},
{
"cve": "CVE-2025-21810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: class: Fix wild pointer dereferences in API class_dev_iter_next()\n\nThere are a potential wild pointer dereferences issue regarding APIs\nclass_dev_iter_(init|next|exit)(), as explained by below typical usage:\n\n// All members of @iter are wild pointers.\nstruct class_dev_iter iter;\n\n// class_dev_iter_init(@iter, @class, ...) checks parameter @class for\n// potential class_to_subsys() error, and it returns void type and does\n// not initialize its output parameter @iter, so caller can not detect\n// the error and continues to invoke class_dev_iter_next(@iter) even if\n// @iter still contains wild pointers.\nclass_dev_iter_init(\u0026iter, ...);\n\n// Dereference these wild pointers in @iter here once suffer the error.\nwhile (dev = class_dev_iter_next(\u0026iter)) { ... };\n\n// Also dereference these wild pointers here.\nclass_dev_iter_exit(\u0026iter);\n\nActually, all callers of these APIs have such usage pattern in kernel tree.\nFix by:\n- Initialize output parameter @iter by memset() in class_dev_iter_init()\n and give callers prompt by pr_crit() for the error.\n- Check if @iter is valid in class_dev_iter_next().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21810",
"url": "https://www.suse.com/security/cve/CVE-2025-21810"
},
{
"category": "external",
"summary": "SUSE Bug 1238757 for CVE-2025-21810",
"url": "https://bugzilla.suse.com/1238757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21815"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/compaction: fix UBSAN shift-out-of-bounds warning\n\nsyzkaller reported a UBSAN shift-out-of-bounds warning of (1UL \u003c\u003c order)\nin isolate_freepages_block(). The bogus compound_order can be any value\nbecause it is union with flags. Add back the MAX_PAGE_ORDER check to fix\nthe warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21815",
"url": "https://www.suse.com/security/cve/CVE-2025-21815"
},
{
"category": "external",
"summary": "SUSE Bug 1238474 for CVE-2025-21815",
"url": "https://bugzilla.suse.com/1238474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21819"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21819",
"url": "https://www.suse.com/security/cve/CVE-2025-21819"
},
{
"category": "external",
"summary": "SUSE Bug 1238994 for CVE-2025-21819",
"url": "https://bugzilla.suse.com/1238994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21820"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: xilinx_uartps: split sysrq handling\n\nlockdep detects the following circular locking dependency:\n\nCPU 0 CPU 1\n========================== ============================\ncdns_uart_isr() printk()\n uart_port_lock(port) console_lock()\n\t\t\t cdns_uart_console_write()\n if (!port-\u003esysrq)\n uart_port_lock(port)\n uart_handle_break()\n port-\u003esysrq = ...\n uart_handle_sysrq_char()\n printk()\n console_lock()\n\nThe fixed commit attempts to avoid this situation by only taking the\nport lock in cdns_uart_console_write if port-\u003esysrq unset. However, if\n(as shown above) cdns_uart_console_write runs before port-\u003esysrq is set,\nthen it will try to take the port lock anyway. This may result in a\ndeadlock.\n\nFix this by splitting sysrq handling into two parts. We use the prepare\nhelper under the port lock and defer handling until we release the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21820",
"url": "https://www.suse.com/security/cve/CVE-2025-21820"
},
{
"category": "external",
"summary": "SUSE Bug 1238479 for CVE-2025-21820",
"url": "https://bugzilla.suse.com/1238479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21821"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n Hardware name: Nokia 770\n Call trace:\n unwind_backtrace from show_stack+0x10/0x14\n show_stack from dump_stack_lvl+0x54/0x5c\n dump_stack_lvl from __schedule_bug+0x50/0x70\n __schedule_bug from __schedule+0x4d4/0x5bc\n __schedule from schedule+0x34/0xa0\n schedule from schedule_preempt_disabled+0xc/0x10\n schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n clk_prepare_lock from clk_set_rate+0x18/0x154\n clk_set_rate from sossi_read_data+0x4c/0x168\n sossi_read_data from hwa742_read_reg+0x5c/0x8c\n hwa742_read_reg from send_frame_handler+0xfc/0x300\n send_frame_handler from process_pending_requests+0x74/0xd0\n process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n handle_irq_event from handle_level_irq+0x9c/0x170\n handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n generic_handle_arch_irq from call_with_stack+0x1c/0x24\n call_with_stack from __irq_svc+0x94/0xa8\n Exception stack(0xc5255da0 to 0xc5255de8)\n 5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n 5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n 5de0: 60000013 ffffffff\n __irq_svc from clk_prepare_lock+0x4c/0xe4\n clk_prepare_lock from clk_get_rate+0x10/0x74\n clk_get_rate from uwire_setup_transfer+0x40/0x180\n uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n __spi_sync from spi_sync+0x24/0x40\n spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n ads7846_irq from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x120/0x228\n irq_thread from kthread+0xc8/0xe8\n kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21821",
"url": "https://www.suse.com/security/cve/CVE-2025-21821"
},
{
"category": "external",
"summary": "SUSE Bug 1239174 for CVE-2025-21821",
"url": "https://bugzilla.suse.com/1239174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21823"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Drop unmanaged ELP metric worker\n\nThe ELP worker needs to calculate new metric values for all neighbors\n\"reachable\" over an interface. Some of the used metric sources require\nlocks which might need to sleep. This sleep is incompatible with the RCU\nlist iterator used for the recorded neighbors. The initial approach to work\naround of this problem was to queue another work item per neighbor and then\nrun this in a new context.\n\nEven when this solved the RCU vs might_sleep() conflict, it has a major\nproblems: Nothing was stopping the work item in case it is not needed\nanymore - for example because one of the related interfaces was removed or\nthe batman-adv module was unloaded - resulting in potential invalid memory\naccesses.\n\nDirectly canceling the metric worker also has various problems:\n\n* cancel_work_sync for a to-be-deactivated interface is called with\n rtnl_lock held. But the code in the ELP metric worker also tries to use\n rtnl_lock() - which will never return in this case. This also means that\n cancel_work_sync would never return because it is waiting for the worker\n to finish.\n* iterating over the neighbor list for the to-be-deactivated interface is\n currently done using the RCU specific methods. Which means that it is\n possible to miss items when iterating over it without the associated\n spinlock - a behaviour which is acceptable for a periodic metric check\n but not for a cleanup routine (which must \"stop\" all still running\n workers)\n\nThe better approch is to get rid of the per interface neighbor metric\nworker and handle everything in the interface worker. The original problems\nare solved by:\n\n* creating a list of neighbors which require new metric information inside\n the RCU protected context, gathering the metric according to the new list\n outside the RCU protected context\n* only use rcu_trylock inside metric gathering code to avoid a deadlock\n when the cancel_delayed_work_sync is called in the interface removal code\n (which is called with the rtnl_lock held)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21823",
"url": "https://www.suse.com/security/cve/CVE-2025-21823"
},
{
"category": "external",
"summary": "SUSE Bug 1238475 for CVE-2025-21823",
"url": "https://bugzilla.suse.com/1238475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21825"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n BUG: scheduling while atomic: test_progs/676/0x00000003\n 3 locks held by test_progs/676:\n #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n Modules linked in: bpf_testmod(O)\n Preemption disabled at:\n [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 6.12.0+ #11\n Tainted: [W]=WARN, [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n __schedule_bug+0x120/0x170\n __schedule+0x300c/0x4800\n schedule_rtlock+0x37/0x60\n rtlock_slowlock_locked+0x6d9/0x54c0\n rt_spin_lock+0x168/0x230\n hrtimer_cancel_wait_running+0xe9/0x1b0\n hrtimer_cancel+0x24/0x30\n bpf_timer_delete_work+0x1d/0x40\n bpf_timer_cancel_and_free+0x5e/0x80\n bpf_obj_free_fields+0x262/0x4a0\n check_and_free_fields+0x1d0/0x280\n htab_map_update_elem+0x7fc/0x1500\n bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n bpf_prog_test_run_syscall+0x322/0x830\n __sys_bpf+0x135d/0x3ca0\n __x64_sys_bpf+0x75/0xb0\n x64_sys_call+0x1b5/0xa10\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ...\n \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21825",
"url": "https://www.suse.com/security/cve/CVE-2025-21825"
},
{
"category": "external",
"summary": "SUSE Bug 1238971 for CVE-2025-21825",
"url": "https://bugzilla.suse.com/1238971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t flush non-uploaded STAs\n\nIf STA state is pre-moved to AUTHORIZED (such as in IBSS\nscenarios) and insertion fails, the station is freed.\nIn this case, the driver never knew about the station,\nso trying to flush it is unexpected and may crash.\n\nCheck if the sta was uploaded to the driver before and\nfix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21828",
"url": "https://www.suse.com/security/cve/CVE-2025-21828"
},
{
"category": "external",
"summary": "SUSE Bug 1238958 for CVE-2025-21828",
"url": "https://bugzilla.suse.com/1238958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21829"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the warning \"__rxe_cleanup+0x12c/0x170 [rdma_rxe]\"\n\nThe Call Trace is as below:\n\"\n \u003cTASK\u003e\n ? show_regs.cold+0x1a/0x1f\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __warn+0x84/0xd0\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? report_bug+0x105/0x180\n ? handle_bug+0x46/0x80\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? __rxe_cleanup+0x12c/0x170 [rdma_rxe]\n ? __rxe_cleanup+0x124/0x170 [rdma_rxe]\n rxe_destroy_qp.cold+0x24/0x29 [rdma_rxe]\n ib_destroy_qp_user+0x118/0x190 [ib_core]\n rdma_destroy_qp.cold+0x43/0x5e [rdma_cm]\n rtrs_cq_qp_destroy.cold+0x1d/0x2b [rtrs_core]\n rtrs_srv_close_work.cold+0x1b/0x31 [rtrs_server]\n process_one_work+0x21d/0x3f0\n worker_thread+0x4a/0x3c0\n ? process_one_work+0x3f0/0x3f0\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\"\nWhen too many rdma resources are allocated, rxe needs more time to\nhandle these rdma resources. Sometimes with the current timeout, rxe\ncan not release the rdma resources correctly.\n\nCompared with other rdma drivers, a bigger timeout is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21829",
"url": "https://www.suse.com/security/cve/CVE-2025-21829"
},
{
"category": "external",
"summary": "SUSE Bug 1239030 for CVE-2025-21829",
"url": "https://bugzilla.suse.com/1239030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21830"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Handle weird files\n\nA corrupted filesystem (e.g. bcachefs) might return weird files.\nInstead of throwing a warning and allowing access to such file, treat\nthem as regular files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21830",
"url": "https://www.suse.com/security/cve/CVE-2025-21830"
},
{
"category": "external",
"summary": "SUSE Bug 1239033 for CVE-2025-21830",
"url": "https://bugzilla.suse.com/1239033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21831"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3. When the system is\nsuspended if the port is not power manageable by the platform and won\u0027t be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21831",
"url": "https://www.suse.com/security/cve/CVE-2025-21831"
},
{
"category": "external",
"summary": "SUSE Bug 1239039 for CVE-2025-21831",
"url": "https://bugzilla.suse.com/1239039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don\u0027t revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don\u0027t revert for -EIOCBQUEUED, like what is done in other\nspots.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21832",
"url": "https://www.suse.com/security/cve/CVE-2025-21832"
},
{
"category": "external",
"summary": "SUSE Bug 1239105 for CVE-2025-21832",
"url": "https://bugzilla.suse.com/1239105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21835"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_midi: fix MIDI Streaming descriptor lengths\n\nWhile the MIDI jacks are configured correctly, and the MIDIStreaming\nendpoint descriptors are filled with the correct information,\nbNumEmbMIDIJack and bLength are set incorrectly in these descriptors.\n\nThis does not matter when the numbers of in and out ports are equal, but\nwhen they differ the host will receive broken descriptors with\nuninitialized stack memory leaking into the descriptor for whichever\nvalue is smaller.\n\nThe precise meaning of \"in\" and \"out\" in the port counts is not clearly\ndefined and can be confusing. But elsewhere the driver consistently\nuses this to match the USB meaning of IN and OUT viewed from the host,\nso that \"in\" ports send data to the host and \"out\" ports receive data\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21835",
"url": "https://www.suse.com/security/cve/CVE-2025-21835"
},
{
"category": "external",
"summary": "SUSE Bug 1239068 for CVE-2025-21835",
"url": "https://bugzilla.suse.com/1239068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21836"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: reallocate buf lists on upgrade\n\nIORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it\nwas created for legacy selected buffer and has been emptied. It violates\nthe requirement that most of the field should stay stable after publish.\nAlways reallocate it instead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21836",
"url": "https://www.suse.com/security/cve/CVE-2025-21836"
},
{
"category": "external",
"summary": "SUSE Bug 1239066 for CVE-2025-21836",
"url": "https://bugzilla.suse.com/1239066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21836"
},
{
"cve": "CVE-2025-21838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21838"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n device_del()\n gadget_unbind_driver()\n usb_gadget_disconnect_locked()\n dwc3_gadget_pullup()\n\t dwc3_gadget_soft_disconnect()\n\t usb_gadget_set_state()\n\t schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21838",
"url": "https://www.suse.com/security/cve/CVE-2025-21838"
},
{
"category": "external",
"summary": "SUSE Bug 1239065 for CVE-2025-21838",
"url": "https://bugzilla.suse.com/1239065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Add check for next_buffer in receive_encrypted_standard()\n\nAdd check for the return value of cifs_buf_get() and cifs_small_buf_get()\nin receive_encrypted_standard() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21844",
"url": "https://www.suse.com/security/cve/CVE-2025-21844"
},
{
"category": "external",
"summary": "SUSE Bug 1239512 for CVE-2025-21844",
"url": "https://bugzilla.suse.com/1239512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacct: perform last write from workqueue\n\nIn [1] it was reported that the acct(2) system call can be used to\ntrigger NULL deref in cases where it is set to write to a file that\ntriggers an internal lookup. This can e.g., happen when pointing acc(2)\nto /sys/power/resume. At the point the where the write to this file\nhappens the calling task has already exited and called exit_fs(). A\nlookup will thus trigger a NULL-deref when accessing current-\u003efs.\n\nReorganize the code so that the the final write happens from the\nworkqueue but with the caller\u0027s credentials. This preserves the\n(strange) permission model and has almost no regression risk.\n\nThis api should stop to exist though.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21846",
"url": "https://www.suse.com/security/cve/CVE-2025-21846"
},
{
"category": "external",
"summary": "SUSE Bug 1239508 for CVE-2025-21846",
"url": "https://bugzilla.suse.com/1239508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()\n\nThe nullity of sps-\u003ecstream should be checked similarly as it is done in\nsof_set_stream_data_offset() function.\nAssuming that it is not NULL if sps-\u003estream is NULL is incorrect and can\nlead to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21847",
"url": "https://www.suse.com/security/cve/CVE-2025-21847"
},
{
"category": "external",
"summary": "SUSE Bug 1239471 for CVE-2025-21847",
"url": "https://bugzilla.suse.com/1239471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: bpf: Add check for nfp_app_ctrl_msg_alloc()\n\nAdd check for the return value of nfp_app_ctrl_msg_alloc() in\nnfp_bpf_cmsg_alloc() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21848",
"url": "https://www.suse.com/security/cve/CVE-2025-21848"
},
{
"category": "external",
"summary": "SUSE Bug 1239479 for CVE-2025-21848",
"url": "https://bugzilla.suse.com/1239479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: Fix crash when a namespace is disabled\n\nThe namespace percpu counter protects pending I/O, and we can\nonly safely diable the namespace once the counter drop to zero.\nOtherwise we end up with a crash when running blktests/nvme/058\n(eg for loop transport):\n\n[ 2352.930426] [ T53909] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 2352.930431] [ T53909] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n[ 2352.930434] [ T53909] CPU: 3 UID: 0 PID: 53909 Comm: kworker/u16:5 Tainted: G W 6.13.0-rc6 #232\n[ 2352.930438] [ T53909] Tainted: [W]=WARN\n[ 2352.930440] [ T53909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 2352.930443] [ T53909] Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\n[ 2352.930449] [ T53909] RIP: 0010:blkcg_set_ioprio+0x44/0x180\n\nas the queue is already torn down when calling submit_bio();\n\nSo we need to init the percpu counter in nvmet_ns_enable(), and\nwait for it to drop to zero in nvmet_ns_disable() to avoid having\nI/O pending after the namespace has been disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21850",
"url": "https://www.suse.com/security/cve/CVE-2025-21850"
},
{
"category": "external",
"summary": "SUSE Bug 1239477 for CVE-2025-21850",
"url": "https://bugzilla.suse.com/1239477"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21855"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don\u0027t reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n belongs to the cache skbuff_head_cache of size 224\n==================================================================",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21855",
"url": "https://www.suse.com/security/cve/CVE-2025-21855"
},
{
"category": "external",
"summary": "SUSE Bug 1239484 for CVE-2025-21855",
"url": "https://bugzilla.suse.com/1239484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21856"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: add release function for struct device\n\nAccording to device_release() in /drivers/base/core.c,\na device without a release function is a broken device\nand must be fixed.\n\nThe current code directly frees the device after calling device_add()\nwithout waiting for other kernel parts to release their references.\nThus, a reference could still be held to a struct device,\ne.g., by sysfs, leading to potential use-after-free\nissues if a proper release function is not set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21856",
"url": "https://www.suse.com/security/cve/CVE-2025-21856"
},
{
"category": "external",
"summary": "SUSE Bug 1239486 for CVE-2025-21856",
"url": "https://bugzilla.suse.com/1239486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21857"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_api: fix error handling causing NULL dereference\n\ntcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can\nreturn 1 if the allocation succeeded after wrapping. This was treated as\nan error, with value 1 returned to caller tcf_exts_init_ex() which sets\nexts-\u003eactions to NULL and returns 1 to caller fl_change().\n\nfl_change() treats err == 1 as success, calling tcf_exts_validate_ex()\nwhich calls tcf_action_init() with exts-\u003eactions as argument, where it\nis dereferenced.\n\nExample trace:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCPU: 114 PID: 16151 Comm: handler114 Kdump: loaded Not tainted 5.14.0-503.16.1.el9_5.x86_64 #1\nRIP: 0010:tcf_action_init+0x1f8/0x2c0\nCall Trace:\n tcf_action_init+0x1f8/0x2c0\n tcf_exts_validate_ex+0x175/0x190\n fl_change+0x537/0x1120 [cls_flower]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21857",
"url": "https://www.suse.com/security/cve/CVE-2025-21857"
},
{
"category": "external",
"summary": "SUSE Bug 1239478 for CVE-2025-21857",
"url": "https://bugzilla.suse.com/1239478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21858"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: Fix use-after-free in geneve_find_dev().\n\nsyzkaller reported a use-after-free in geneve_find_dev() [0]\nwithout repro.\n\ngeneve_configure() links struct geneve_dev.next to\nnet_generic(net, geneve_net_id)-\u003egeneve_list.\n\nThe net here could differ from dev_net(dev) if IFLA_NET_NS_PID,\nIFLA_NET_NS_FD, or IFLA_TARGET_NETNSID is set.\n\nWhen dev_net(dev) is dismantled, geneve_exit_batch_rtnl() finally\ncalls unregister_netdevice_queue() for each dev in the netns,\nand later the dev is freed.\n\nHowever, its geneve_dev.next is still linked to the backend UDP\nsocket netns.\n\nThen, use-after-free will occur when another geneve dev is created\nin the netns.\n\nLet\u0027s call geneve_dellink() instead in geneve_destroy_tunnels().\n\n[0]:\nBUG: KASAN: slab-use-after-free in geneve_find_dev drivers/net/geneve.c:1295 [inline]\nBUG: KASAN: slab-use-after-free in geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\nRead of size 2 at addr ffff000054d6ee24 by task syz.1.4029/13441\n\nCPU: 1 UID: 0 PID: 13441 Comm: syz.1.4029 Not tainted 6.13.0-g0ad9617c78ac #24 dc35ca22c79fb82e8e7bc5c9c9adafea898b1e3d\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x16c/0x6f0 mm/kasan/report.c:489\n kasan_report+0xc0/0x120 mm/kasan/report.c:602\n __asan_report_load2_noabort+0x20/0x30 mm/kasan/report_generic.c:379\n geneve_find_dev drivers/net/geneve.c:1295 [inline]\n geneve_configure+0x234/0x858 drivers/net/geneve.c:1343\n geneve_newlink+0xb8/0x128 drivers/net/geneve.c:1634\n rtnl_newlink_create+0x23c/0x868 net/core/rtnetlink.c:3795\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:713 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x410/0x6f8 net/socket.c:2568\n ___sys_sendmsg+0x178/0x1d8 net/socket.c:2622\n __sys_sendmsg net/socket.c:2654 [inline]\n __do_sys_sendmsg net/socket.c:2659 [inline]\n __se_sys_sendmsg net/socket.c:2657 [inline]\n __arm64_sys_sendmsg+0x12c/0x1c8 net/socket.c:2657\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151\n el0_svc+0x4c/0xa8 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762\n el0t_64_sync+0x198/0x1a0 arch/arm64/kernel/entry.S:600\n\nAllocated by task 13247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x68 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4298 [inline]\n __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4304\n __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:645\n alloc_netdev_mqs+0xb8/0x11a0 net/core/dev.c:11470\n rtnl_create_link+0x2b8/0xb50 net/core/rtnetlink.c:3604\n rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3780\n __rtnl_newlink net/core/rtnetlink.c:3906 [inline]\n rtnl_newlink+0x1054/0x1630 net/core/rtnetlink.c:4021\n rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2543\n rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6938\n netlink_unicast_kernel net/netlink/af_n\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21858",
"url": "https://www.suse.com/security/cve/CVE-2025-21858"
},
{
"category": "external",
"summary": "SUSE Bug 1239468 for CVE-2025-21858",
"url": "https://bugzilla.suse.com/1239468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21859"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: f_midi: f_midi_complete to call queue_work\n\nWhen using USB MIDI, a lock is attempted to be acquired twice through a\nre-entrant call to f_midi_transmit, causing a deadlock.\n\nFix it by using queue_work() to schedule the inner f_midi_transmit() via\na high priority work queue from the completion handler.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21859",
"url": "https://www.suse.com/security/cve/CVE-2025-21859"
},
{
"category": "external",
"summary": "SUSE Bug 1239467 for CVE-2025-21859",
"url": "https://bugzilla.suse.com/1239467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don\u0027t add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio. This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy. Running\nthe hmm selftests:\n\n # ./hmm-tests\n ...\n # RUN hmm.hmm_device_private.migrate ...\n [ 102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n [ 102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n [ 102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n [ 102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n [ 102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n [ 102.087230][T14893] ------------[ cut here ]------------\n [ 102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.090478][T14893] Modules linked in:\n [ 102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n [ 102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n [ 102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.096104][T14893] Code: ...\n [ 102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n [ 102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n [ 102.102684][T14893] RDX: ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n [ 102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n [ 102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n [ 102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n [ 102.108830][T14893] FS: 00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n [ 102.110643][T14893] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n [ 102.113478][T14893] PKRU: 55555554\n [ 102.114172][T14893] Call Trace:\n [ 102.114805][T14893] \u003cTASK\u003e\n [ 102.115397][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.116547][T14893] ? __warn.cold+0x110/0x210\n [ 102.117461][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.118667][T14893] ? report_bug+0x1b9/0x320\n [ 102.119571][T14893] ? handle_bug+0x54/0x90\n [ 102.120494][T14893] ? exc_invalid_op+0x17/0x50\n [ 102.121433][T14893] ? asm_exc_invalid_op+0x1a/0x20\n [ 102.122435][T14893] ? __wake_up_klogd.part.0+0x76/0xd0\n [ 102.123506][T14893] ? dump_page+0x4f/0x60\n [ 102.124352][T14893] ? folio_lruvec_lock_irqsave+0x10e/0x170\n [ 102.125500][T14893] folio_batch_move_lru+0xd4/0x200\n [ 102.126577][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.127505][T14893] __folio_batch_add_and_move+0x391/0x720\n [ 102.128633][T14893] ? __pfx_lru_add+0x10/0x10\n [ 102.129550][T14893] folio_putback_lru+0x16/0x80\n [ 102.130564][T14893] migrate_device_finalize+0x9b/0x530\n [ 102.131640][T14893] dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n [ 102.133047][T14893] dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again. So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21861",
"url": "https://www.suse.com/security/cve/CVE-2025-21861"
},
{
"category": "external",
"summary": "SUSE Bug 1239483 for CVE-2025-21861",
"url": "https://bugzilla.suse.com/1239483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21862"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrop_monitor: fix incorrect initialization order\n\nSyzkaller reports the following bug:\n\nBUG: spinlock bad magic on CPU#1, syz-executor.0/7995\n lock: 0xffff88805303f3e0, .magic: 00000000, .owner: \u003cnone\u003e/-1, .owner_cpu: 0\nCPU: 1 PID: 7995 Comm: syz-executor.0 Tainted: G E 5.10.209+ #1\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x119/0x179 lib/dump_stack.c:118\n debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]\n do_raw_spin_lock+0x1f6/0x270 kernel/locking/spinlock_debug.c:112\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]\n _raw_spin_lock_irqsave+0x50/0x70 kernel/locking/spinlock.c:159\n reset_per_cpu_data+0xe6/0x240 [drop_monitor]\n net_dm_cmd_trace+0x43d/0x17a0 [drop_monitor]\n genl_family_rcv_msg_doit+0x22f/0x330 net/netlink/genetlink.c:739\n genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n genl_rcv_msg+0x341/0x5a0 net/netlink/genetlink.c:800\n netlink_rcv_skb+0x14d/0x440 net/netlink/af_netlink.c:2497\n genl_rcv+0x29/0x40 net/netlink/genetlink.c:811\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x54b/0x800 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x914/0xe00 net/netlink/af_netlink.c:1916\n sock_sendmsg_nosec net/socket.c:651 [inline]\n __sock_sendmsg+0x157/0x190 net/socket.c:663\n ____sys_sendmsg+0x712/0x870 net/socket.c:2378\n ___sys_sendmsg+0xf8/0x170 net/socket.c:2432\n __sys_sendmsg+0xea/0x1b0 net/socket.c:2461\n do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x62/0xc7\nRIP: 0033:0x7f3f9815aee9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3f972bf0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f3f9826d050 RCX: 00007f3f9815aee9\nRDX: 0000000020000000 RSI: 0000000020001300 RDI: 0000000000000007\nRBP: 00007f3f981b63bd R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000006e R14: 00007f3f9826d050 R15: 00007ffe01ee6768\n\nIf drop_monitor is built as a kernel module, syzkaller may have time\nto send a netlink NET_DM_CMD_START message during the module loading.\nThis will call the net_dm_monitor_start() function that uses\na spinlock that has not yet been initialized.\n\nTo fix this, let\u0027s place resource initialization above the registration\nof a generic netlink family.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21862",
"url": "https://www.suse.com/security/cve/CVE-2025-21862"
},
{
"category": "external",
"summary": "SUSE Bug 1239474 for CVE-2025-21862",
"url": "https://bugzilla.suse.com/1239474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we santitise it\nagainst speculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21863",
"url": "https://www.suse.com/security/cve/CVE-2025-21863"
},
{
"category": "external",
"summary": "SUSE Bug 1239475 for CVE-2025-21863",
"url": "https://bugzilla.suse.com/1239475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21863"
},
{
"cve": "CVE-2025-21864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: drop secpath at the same time as we currently drop dst\n\nXiumei reported hitting the WARN in xfrm6_tunnel_net_exit while\nrunning tests that boil down to:\n - create a pair of netns\n - run a basic TCP test over ipcomp6\n - delete the pair of netns\n\nThe xfrm_state found on spi_byaddr was not deleted at the time we\ndelete the netns, because we still have a reference on it. This\nlingering reference comes from a secpath (which holds a ref on the\nxfrm_state), which is still attached to an skb. This skb is not\nleaked, it ends up on sk_receive_queue and then gets defer-free\u0027d by\nskb_attempt_defer_free.\n\nThe problem happens when we defer freeing an skb (push it on one CPU\u0027s\ndefer_list), and don\u0027t flush that list before the netns is deleted. In\nthat case, we still have a reference on the xfrm_state that we don\u0027t\nexpect at this point.\n\nWe already drop the skb\u0027s dst in the TCP receive path when it\u0027s no\nlonger needed, so let\u0027s also drop the secpath. At this point,\ntcp_filter has already called into the LSM hooks that may require the\nsecpath, so it should not be needed anymore. However, in some of those\nplaces, the MPTCP extension has just been attached to the skb, so we\ncannot simply drop all extensions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21864",
"url": "https://www.suse.com/security/cve/CVE-2025-21864"
},
{
"category": "external",
"summary": "SUSE Bug 1239482 for CVE-2025-21864",
"url": "https://bugzilla.suse.com/1239482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21865"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().\n\nBrad Spengler reported the list_del() corruption splat in\ngtp_net_exit_batch_rtnl(). [0]\n\nCommit eb28fd76c0a0 (\"gtp: Destroy device along with udp socket\u0027s netns\ndismantle.\") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl()\nto destroy devices in each netns as done in geneve and ip tunnels.\n\nHowever, this could trigger -\u003edellink() twice for the same device during\n-\u003eexit_batch_rtnl().\n\nSay we have two netns A \u0026 B and gtp device B that resides in netns B but\nwhose UDP socket is in netns A.\n\n 1. cleanup_net() processes netns A and then B.\n\n 2. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns A\u0027s gn-\u003egtp_dev_list and calls -\u003edellink().\n\n [ device B is not yet unlinked from netns B\n as unregister_netdevice_many() has not been called. ]\n\n 3. gtp_net_exit_batch_rtnl() finds the device B while iterating\n netns B\u0027s for_each_netdev() and calls -\u003edellink().\n\ngtp_dellink() cleans up the device\u0027s hash table, unlinks the dev from\ngn-\u003egtp_dev_list, and calls unregister_netdevice_queue().\n\nBasically, calling gtp_dellink() multiple times is fine unless\nCONFIG_DEBUG_LIST is enabled.\n\nLet\u0027s remove for_each_netdev() in gtp_net_exit_batch_rtnl() and\ndelegate the destruction to default_device_exit_batch() as done\nin bareudp.\n\n[0]:\nlist_del corruption, ffff8880aaa62c00-\u003enext (autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]) is LIST_POISON1 (ffffffffffffff02) (prev is 0xffffffffffffff04)\nkernel BUG at lib/list_debug.c:58!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 UID: 0 PID: 1804 Comm: kworker/u8:7 Tainted: G T 6.12.13-grsec-full-20250211091339 #1\nTainted: [T]=RANDSTRUCT\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: netns cleanup_net\nRIP: 0010:[\u003cffffffff84947381\u003e] __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nCode: c2 76 91 31 c0 e8 9f b1 f7 fc 0f 0b 4d 89 f0 48 c7 c1 02 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 e0 c2 76 91 31 c0 e8 7f b1 f7 fc \u003c0f\u003e 0b 4d 89 e8 48 c7 c1 04 ff ff ff 48 89 ea 48 89 ee 48 c7 c7 60\nRSP: 0018:fffffe8040b4fbd0 EFLAGS: 00010283\nRAX: 00000000000000cc RBX: dffffc0000000000 RCX: ffffffff818c4054\nRDX: ffffffff84947381 RSI: ffffffff818d1512 RDI: 0000000000000000\nRBP: ffff8880aaa62c00 R08: 0000000000000001 R09: fffffbd008169f32\nR10: fffffe8040b4f997 R11: 0000000000000001 R12: a1988d84f24943e4\nR13: ffffffffffffff02 R14: ffffffffffffff04 R15: ffff8880aaa62c08\nRBX: kasan shadow of 0x0\nRCX: __wake_up_klogd.part.0+0x74/0xe0 kernel/printk/printk.c:4554\nRDX: __list_del_entry_valid_or_report+0x141/0x200 lib/list_debug.c:58\nRSI: vprintk+0x72/0x100 kernel/printk/printk_safe.c:71\nRBP: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc00/0x1000 [slab object]\nRSP: process kstack fffffe8040b4fbd0+0x7bd0/0x8000 [kworker/u8:7+netns 1804 ]\nR09: kasan shadow of process kstack fffffe8040b4f990+0x7990/0x8000 [kworker/u8:7+netns 1804 ]\nR10: process kstack fffffe8040b4f997+0x7997/0x8000 [kworker/u8:7+netns 1804 ]\nR15: autoslab_size_M_dev_P_net_core_dev_11127_8_1328_8_S_4096_A_64_n_139+0xc08/0x1000 [slab object]\nFS: 0000000000000000(0000) GS:ffff888116000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000748f5372c000 CR3: 0000000015408000 CR4: 00000000003406f0 shadow CR4: 00000000003406f0\nStack:\n 0000000000000000 ffffffff8a0c35e7 ffffffff8a0c3603 ffff8880aaa62c00\n ffff8880aaa62c00 0000000000000004 ffff88811145311c 0000000000000005\n 0000000000000001 ffff8880aaa62000 fffffe8040b4fd40 ffffffff8a0c360d\nCall Trace:\n \u003cTASK\u003e\n [\u003cffffffff8a0c360d\u003e] __list_del_entry_valid include/linux/list.h:131 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] __list_del_entry include/linux/list.h:248 [inline] fffffe8040b4fc28\n [\u003cffffffff8a0c360d\u003e] list_del include/linux/list.h:262 [inl\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21865",
"url": "https://www.suse.com/security/cve/CVE-2025-21865"
},
{
"category": "external",
"summary": "SUSE Bug 1239481 for CVE-2025-21865",
"url": "https://bugzilla.suse.com/1239481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC\n\nErhard reported the following KASAN hit while booting his PowerMac G4\nwith a KASAN-enabled kernel 6.13-rc6:\n\n BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8\n Write of size 8 at addr f1000000 by task chronyd/1293\n\n CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2\n Tainted: [W]=WARN\n Hardware name: PowerMac3,6 7455 0x80010303 PowerMac\n Call Trace:\n [c2437590] [c1631a84] dump_stack_lvl+0x70/0x8c (unreliable)\n [c24375b0] [c0504998] print_report+0xdc/0x504\n [c2437610] [c050475c] kasan_report+0xf8/0x108\n [c2437690] [c0505a3c] kasan_check_range+0x24/0x18c\n [c24376a0] [c03fb5e4] copy_to_kernel_nofault+0xd8/0x1c8\n [c24376c0] [c004c014] patch_instructions+0x15c/0x16c\n [c2437710] [c00731a8] bpf_arch_text_copy+0x60/0x7c\n [c2437730] [c0281168] bpf_jit_binary_pack_finalize+0x50/0xac\n [c2437750] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec\n [c2437880] [c0280394] bpf_prog_select_runtime+0x15c/0x478\n [c24378d0] [c1263428] bpf_prepare_filter+0xbf8/0xc14\n [c2437990] [c12677ec] bpf_prog_create_from_user+0x258/0x2b4\n [c24379d0] [c027111c] do_seccomp+0x3dc/0x1890\n [c2437ac0] [c001d8e0] system_call_exception+0x2dc/0x420\n [c2437f30] [c00281ac] ret_from_syscall+0x0/0x2c\n --- interrupt: c00 at 0x5a1274\n NIP: 005a1274 LR: 006a3b3c CTR: 005296c8\n REGS: c2437f40 TRAP: 0c00 Tainted: G W (6.13.0-rc6-PMacG4)\n MSR: 0200f932 \u003cVEC,EE,PR,FP,ME,IR,DR,RI\u003e CR: 24004422 XER: 00000000\n\n GPR00: 00000166 af8f3fa0 a7ee3540 00000001 00000000 013b6500 005a5858 0200f932\n GPR08: 00000000 00001fe9 013d5fc8 005296c8 2822244c 00b2fcd8 00000000 af8f4b57\n GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002\n GPR24: 00afdbb0 00000000 00000000 00000000 006e0004 013ce060 006e7c1c 00000001\n NIP [005a1274] 0x5a1274\n LR [006a3b3c] 0x6a3b3c\n --- interrupt: c00\n\n The buggy address belongs to the virtual mapping at\n [f1000000, f1002000) created by:\n text_area_cpu_up+0x20/0x190\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x76e30\n flags: 0x80000000(zone=2)\n raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001\n raw: 00000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n f0ffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n f0ffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n \u003ef1000000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n f1000080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n f1000100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ==================================================================\n\nf8 corresponds to KASAN_VMALLOC_INVALID which means the area is not\ninitialised hence not supposed to be used yet.\n\nPowerpc text patching infrastructure allocates a virtual memory area\nusing get_vm_area() and flags it as VM_ALLOC. But that flag is meant\nto be used for vmalloc() and vmalloc() allocated memory is not\nsupposed to be used before a call to __vmalloc_node_range() which is\nnever called for that area.\n\nThat went undetected until commit e4137f08816b (\"mm, kasan, kmsan:\ninstrument copy_from/to_kernel_nofault\")\n\nThe area allocated by text_area_cpu_up() is not vmalloc memory, it is\nmapped directly on demand when needed by map_kernel_page(). There is\nno VM flag corresponding to such usage, so just pass no flag. That way\nthe area will be unpoisonned and usable immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21866",
"url": "https://www.suse.com/security/cve/CVE-2025-21866"
},
{
"category": "external",
"summary": "SUSE Bug 1239473 for CVE-2025-21866",
"url": "https://bugzilla.suse.com/1239473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/code-patching: Disable KASAN report during patching via temporary mm\n\nErhard reports the following KASAN hit on Talos II (power9) with kernel 6.13:\n\n[ 12.028126] ==================================================================\n[ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1\n\n[ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted: G T 6.13.0-P9-dirty #3\n[ 12.028408] Tainted: [T]=RANDSTRUCT\n[ 12.028446] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n[ 12.028500] Call Trace:\n[ 12.028536] [c000000008dbf3b0] [c000000001656a48] dump_stack_lvl+0xbc/0x110 (unreliable)\n[ 12.028609] [c000000008dbf3f0] [c0000000006e2fc8] print_report+0x6b0/0x708\n[ 12.028666] [c000000008dbf4e0] [c0000000006e2454] kasan_report+0x164/0x300\n[ 12.028725] [c000000008dbf600] [c0000000006e54d4] kasan_check_range+0x314/0x370\n[ 12.028784] [c000000008dbf640] [c0000000006e6310] __kasan_check_write+0x20/0x40\n[ 12.028842] [c000000008dbf660] [c000000000578e8c] copy_to_kernel_nofault+0x8c/0x1a0\n[ 12.028902] [c000000008dbf6a0] [c0000000000acfe4] __patch_instructions+0x194/0x210\n[ 12.028965] [c000000008dbf6e0] [c0000000000ade80] patch_instructions+0x150/0x590\n[ 12.029026] [c000000008dbf7c0] [c0000000001159bc] bpf_arch_text_copy+0x6c/0xe0\n[ 12.029085] [c000000008dbf800] [c000000000424250] bpf_jit_binary_pack_finalize+0x40/0xc0\n[ 12.029147] [c000000008dbf830] [c000000000115dec] bpf_int_jit_compile+0x3bc/0x930\n[ 12.029206] [c000000008dbf990] [c000000000423720] bpf_prog_select_runtime+0x1f0/0x280\n[ 12.029266] [c000000008dbfa00] [c000000000434b18] bpf_prog_load+0xbb8/0x1370\n[ 12.029324] [c000000008dbfb70] [c000000000436ebc] __sys_bpf+0x5ac/0x2e00\n[ 12.029379] [c000000008dbfd00] [c00000000043a228] sys_bpf+0x28/0x40\n[ 12.029435] [c000000008dbfd20] [c000000000038eb4] system_call_exception+0x334/0x610\n[ 12.029497] [c000000008dbfe50] [c00000000000c270] system_call_vectored_common+0xf0/0x280\n[ 12.029561] --- interrupt: 3000 at 0x3fff82f5cfa8\n[ 12.029608] NIP: 00003fff82f5cfa8 LR: 00003fff82f5cfa8 CTR: 0000000000000000\n[ 12.029660] REGS: c000000008dbfe80 TRAP: 3000 Tainted: G T (6.13.0-P9-dirty)\n[ 12.029735] MSR: 900000000280f032 \u003cSF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI\u003e CR: 42004848 XER: 00000000\n[ 12.029855] IRQMASK: 0\n GPR00: 0000000000000169 00003fffdcf789a0 00003fff83067100 0000000000000005\n GPR04: 00003fffdcf78a98 0000000000000090 0000000000000000 0000000000000008\n GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n GPR12: 0000000000000000 00003fff836ff7e0 c000000000010678 0000000000000000\n GPR16: 0000000000000000 0000000000000000 00003fffdcf78f28 00003fffdcf78f90\n GPR20: 0000000000000000 0000000000000000 0000000000000000 00003fffdcf78f80\n GPR24: 00003fffdcf78f70 00003fffdcf78d10 00003fff835c7239 00003fffdcf78bd8\n GPR28: 00003fffdcf78a98 0000000000000000 0000000000000000 000000011f547580\n[ 12.030316] NIP [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030361] LR [00003fff82f5cfa8] 0x3fff82f5cfa8\n[ 12.030405] --- interrupt: 3000\n[ 12.030444] ==================================================================\n\nCommit c28c15b6d28a (\"powerpc/code-patching: Use temporary mm for\nRadix MMU\") is inspired from x86 but unlike x86 is doesn\u0027t disable\nKASAN reports during patching. This wasn\u0027t a problem at the begining\nbecause __patch_mem() is not instrumented.\n\nCommit 465cabc97b42 (\"powerpc/code-patching: introduce\npatch_instructions()\") use copy_to_kernel_nofault() to copy several\ninstructions at once. But when using temporary mm the destination is\nnot regular kernel memory but a kind of kernel-like memory located\nin user address space. \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21869",
"url": "https://www.suse.com/security/cve/CVE-2025-21869"
},
{
"category": "external",
"summary": "SUSE Bug 1240182 for CVE-2025-21869",
"url": "https://bugzilla.suse.com/1240182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers\n\nOther, non DAI copier widgets could have the same stream name (sname) as\nthe ALH copier and in that case the copier-\u003edata is NULL, no alh_data is\nattached, which could lead to NULL pointer dereference.\nWe could check for this NULL pointer in sof_ipc4_prepare_copier_module()\nand avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai()\nwill miscalculate the ALH device count, causing broken audio.\n\nThe correct fix is to harden the matching logic by making sure that the\n1. widget is a DAI widget - so dai = w-\u003eprivate is valid\n2. the dai (and thus the copier) is ALH copier",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21870",
"url": "https://www.suse.com/security/cve/CVE-2025-21870"
},
{
"category": "external",
"summary": "SUSE Bug 1240191 for CVE-2025-21870",
"url": "https://bugzilla.suse.com/1240191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21871",
"url": "https://www.suse.com/security/cve/CVE-2025-21871"
},
{
"category": "external",
"summary": "SUSE Bug 1240183 for CVE-2025-21871",
"url": "https://bugzilla.suse.com/1240183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: bsg: Fix crash when arpmb command fails\n\nIf the device doesn\u0027t support arpmb we\u0027ll crash due to copying user data in\nbsg_transport_sg_io_fn().\n\nIn the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not\nset the job\u0027s reply_len.\n\nMemory crash backtrace:\n3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22\n\n4,1308,531166555,-;Call Trace:\n\n4,1309,531166559,-; \u003cTASK\u003e\n\n4,1310,531166565,-; ? show_regs+0x6d/0x80\n\n4,1311,531166575,-; ? die+0x37/0xa0\n\n4,1312,531166583,-; ? do_trap+0xd4/0xf0\n\n4,1313,531166593,-; ? do_error_trap+0x71/0xb0\n\n4,1314,531166601,-; ? usercopy_abort+0x6c/0x80\n\n4,1315,531166610,-; ? exc_invalid_op+0x52/0x80\n\n4,1316,531166622,-; ? usercopy_abort+0x6c/0x80\n\n4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20\n\n4,1318,531166643,-; ? usercopy_abort+0x6c/0x80\n\n4,1319,531166652,-; __check_heap_object+0xe3/0x120\n\n4,1320,531166661,-; check_heap_object+0x185/0x1d0\n\n4,1321,531166670,-; __check_object_size.part.0+0x72/0x150\n\n4,1322,531166679,-; __check_object_size+0x23/0x30\n\n4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21873",
"url": "https://www.suse.com/security/cve/CVE-2025-21873"
},
{
"category": "external",
"summary": "SUSE Bug 1240184 for CVE-2025-21873",
"url": "https://bugzilla.suse.com/1240184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21873"
},
{
"cve": "CVE-2025-21875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21875"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: always handle address removal under msk socket lock\n\nSyzkaller reported a lockdep splat in the PM control path:\n\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Modules linked in:\n CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0\n Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\n RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline]\n RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline]\n RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 \u003c0f\u003e 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff\n RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283\n RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000\n RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408\n RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000\n R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0\n R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00\n FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59\n mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486\n mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline]\n mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629\n genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892\n sock_sendmsg_nosec net/socket.c:718 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:733\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2573\n ___sys_sendmsg net/socket.c:2627 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2659\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f7e9998cde9\n Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9\n RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007\n RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088\n\nIndeed the PM can try to send a RM_ADDR over a msk without acquiring\nfirst the msk socket lock.\n\nThe bugged code-path comes from an early optimization: when there\nare no subflows, the PM should (usually) not send RM_ADDR\nnotifications.\n\nThe above statement is incorrect, as without locks another process\ncould concur\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21875",
"url": "https://www.suse.com/security/cve/CVE-2025-21875"
},
{
"category": "external",
"summary": "SUSE Bug 1240168 for CVE-2025-21875",
"url": "https://bugzilla.suse.com/1240168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21875"
},
{
"cve": "CVE-2025-21876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit \u003cd74169ceb0d2\u003e (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n other info that might help us debug this:\n rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xb7/0xd0\n lockdep_rcu_suspicious+0x159/0x1f0\n ? __pfx_enable_drhd_fault_handling+0x10/0x10\n enable_drhd_fault_handling+0x151/0x180\n cpuhp_invoke_callback+0x1df/0x990\n cpuhp_thread_fun+0x1ea/0x2c0\n smpboot_thread_fn+0x1f5/0x2e0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n kthread+0x12a/0x2d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4a/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21876",
"url": "https://www.suse.com/security/cve/CVE-2025-21876"
},
{
"category": "external",
"summary": "SUSE Bug 1240179 for CVE-2025-21876",
"url": "https://bugzilla.suse.com/1240179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21877"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: gl620a: fix endpoint checking in genelink_bind()\n\nSyzbot reports [1] a warning in usb_submit_urb() triggered by\ninconsistencies between expected and actually present endpoints\nin gl620a driver. Since genelink_bind() does not properly\nverify whether specified eps are in fact provided by the device,\nin this case, an artificially manufactured one, one may get a\nmismatch.\n\nFix the issue by resorting to a usbnet utility function\nusbnet_get_endpoints(), usually reserved for this very problem.\nCheck for endpoints and return early before proceeding further if\nany are missing.\n\n[1] Syzbot report:\nusb 5-1: Manufacturer: syz\nusb 5-1: SerialNumber: syz\nusb 5-1: config 0 descriptor??\ngl620a 5-1:0.23 usb0: register \u0027gl620a\u0027 at usb-dummy_hcd.0-1, ...\n------------[ cut here ]------------\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 2 PID: 1841 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\nModules linked in:\nCPU: 2 UID: 0 PID: 1841 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-07834-g06afb0f36106 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0x6be/0x2780 drivers/net/usb/usbnet.c:1467\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606\n sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343\n __dev_xmit_skb net/core/dev.c:3827 [inline]\n __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_resolve_output net/core/neighbour.c:1514 [inline]\n neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494\n neigh_output include/net/neighbour.h:539 [inline]\n ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\n ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\n ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247\n dst_output include/net/dst.h:450 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819\n mld_send_cr net/ipv6/mcast.c:2120 [inline]\n mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651\n process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229\n process_scheduled_works kernel/workqueue.c:3310 [inline]\n worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21877",
"url": "https://www.suse.com/security/cve/CVE-2025-21877"
},
{
"category": "external",
"summary": "SUSE Bug 1240172 for CVE-2025-21877",
"url": "https://bugzilla.suse.com/1240172"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21878"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: npcm: disable interrupt enable bit before devm_request_irq\n\nThe customer reports that there is a soft lockup issue related to\nthe i2c driver. After checking, the i2c module was doing a tx transfer\nand the bmc machine reboots in the middle of the i2c transaction, the i2c\nmodule keeps the status without being reset.\n\nDue to such an i2c module status, the i2c irq handler keeps getting\ntriggered since the i2c irq handler is registered in the kernel booting\nprocess after the bmc machine is doing a warm rebooting.\nThe continuous triggering is stopped by the soft lockup watchdog timer.\n\nDisable the interrupt enable bit in the i2c module before calling\ndevm_request_irq to fix this issue since the i2c relative status bit\nis read-only.\n\nHere is the soft lockup log.\n[ 28.176395] watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [swapper/0:1]\n[ 28.183351] Modules linked in:\n[ 28.186407] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.120-yocto-s-dirty-bbebc78 #1\n[ 28.201174] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 28.208128] pc : __do_softirq+0xb0/0x368\n[ 28.212055] lr : __do_softirq+0x70/0x368\n[ 28.215972] sp : ffffff8035ebca00\n[ 28.219278] x29: ffffff8035ebca00 x28: 0000000000000002 x27: ffffff80071a3780\n[ 28.226412] x26: ffffffc008bdc000 x25: ffffffc008bcc640 x24: ffffffc008be50c0\n[ 28.233546] x23: ffffffc00800200c x22: 0000000000000000 x21: 000000000000001b\n[ 28.240679] x20: 0000000000000000 x19: ffffff80001c3200 x18: ffffffffffffffff\n[ 28.247812] x17: ffffffc02d2e0000 x16: ffffff8035eb8b40 x15: 00001e8480000000\n[ 28.254945] x14: 02c3647e37dbfcb6 x13: 02c364f2ab14200c x12: 0000000002c364f2\n[ 28.262078] x11: 00000000fa83b2da x10: 000000000000b67e x9 : ffffffc008010250\n[ 28.269211] x8 : 000000009d983d00 x7 : 7fffffffffffffff x6 : 0000036d74732434\n[ 28.276344] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : 0000000000000198\n[ 28.283476] x2 : ffffffc02d2e0000 x1 : 00000000000000e0 x0 : ffffffc008bdcb40\n[ 28.290611] Call trace:\n[ 28.293052] __do_softirq+0xb0/0x368\n[ 28.296625] __irq_exit_rcu+0xe0/0x100\n[ 28.300374] irq_exit+0x14/0x20\n[ 28.303513] handle_domain_irq+0x68/0x90\n[ 28.307440] gic_handle_irq+0x78/0xb0\n[ 28.311098] call_on_irq_stack+0x20/0x38\n[ 28.315019] do_interrupt_handler+0x54/0x5c\n[ 28.319199] el1_interrupt+0x2c/0x4c\n[ 28.322777] el1h_64_irq_handler+0x14/0x20\n[ 28.326872] el1h_64_irq+0x74/0x78\n[ 28.330269] __setup_irq+0x454/0x780\n[ 28.333841] request_threaded_irq+0xd0/0x1b4\n[ 28.338107] devm_request_threaded_irq+0x84/0x100\n[ 28.342809] npcm_i2c_probe_bus+0x188/0x3d0\n[ 28.346990] platform_probe+0x6c/0xc4\n[ 28.350653] really_probe+0xcc/0x45c\n[ 28.354227] __driver_probe_device+0x8c/0x160\n[ 28.358578] driver_probe_device+0x44/0xe0\n[ 28.362670] __driver_attach+0x124/0x1d0\n[ 28.366589] bus_for_each_dev+0x7c/0xe0\n[ 28.370426] driver_attach+0x28/0x30\n[ 28.373997] bus_add_driver+0x124/0x240\n[ 28.377830] driver_register+0x7c/0x124\n[ 28.381662] __platform_driver_register+0x2c/0x34\n[ 28.386362] npcm_i2c_init+0x3c/0x5c\n[ 28.389937] do_one_initcall+0x74/0x230\n[ 28.393768] kernel_init_freeable+0x24c/0x2b4\n[ 28.398126] kernel_init+0x28/0x130\n[ 28.401614] ret_from_fork+0x10/0x20\n[ 28.405189] Kernel panic - not syncing: softlockup: hung tasks\n[ 28.411011] SMP: stopping secondary CPUs\n[ 28.414933] Kernel Offset: disabled\n[ 28.418412] CPU features: 0x00000000,00000802\n[ 28.427644] Rebooting in 20 seconds..",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21878",
"url": "https://www.suse.com/security/cve/CVE-2025-21878"
},
{
"category": "external",
"summary": "SUSE Bug 1240192 for CVE-2025-21878",
"url": "https://bugzilla.suse.com/1240192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n BUG: Bad page state in process syz.7.38 pfn:1eff3\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x32/0x50\n bad_page+0x69/0xf0\n free_unref_page_prepare+0x401/0x500\n free_unref_page+0x6d/0x1b0\n uprobe_write_opcode+0x460/0x8e0\n install_breakpoint.part.0+0x51/0x80\n register_for_each_vma+0x1d9/0x2b0\n __uprobe_register+0x245/0x300\n bpf_uprobe_multi_link_attach+0x29b/0x4f0\n link_create+0x1e2/0x280\n __sys_bpf+0x75f/0xac0\n __x64_sys_bpf+0x1a/0x30\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n r2 = creat(\u0026(0x7f0000000000)=\u0027./file0\\x00\u0027, 0x8)\n write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)=\u0027./file0\\x00\u0027, 0x42, 0x0)\n mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n r5 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n r6 = userfaultfd(0x80801)\n ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)=\u0027GPL\\x00\u0027, 0x7, 0x0, 0x0, 0x0, 0x0, \u0027\\x00\u0027, 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)=\u0027./file0\\x00\u0027, \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio\u0027s refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n then free_pages_prepare-\u003efree_page_is_bad() report error\n \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n __replace_page()\n -\u003e ...\n -\u003e folio_remove_rmap_pte()\n -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21881",
"url": "https://www.suse.com/security/cve/CVE-2025-21881"
},
{
"category": "external",
"summary": "SUSE Bug 1240185 for CVE-2025-21881",
"url": "https://bugzilla.suse.com/1240185"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21881"
},
{
"cve": "CVE-2025-21883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21883"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix deinitializing VF in error path\n\nIf ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees\nall VFs without removing them from snapshot PF-VF mailbox list, leading\nto list corruption.\n\nReproducer:\n devlink dev eswitch set $PF1_PCI mode switchdev\n ip l s $PF1 up\n ip l s $PF1 promisc on\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n sleep 1\n echo 1 \u003e /sys/class/net/$PF1/device/sriov_numvfs\n\nTrace (minimized):\n list_add corruption. next-\u003eprev should be prev (ffff8882e241c6f0), but was 0000000000000000. (next=ffff888455da1330).\n kernel BUG at lib/list_debug.c:29!\n RIP: 0010:__list_add_valid_or_report+0xa6/0x100\n ice_mbx_init_vf_info+0xa7/0x180 [ice]\n ice_initialize_vf_entry+0x1fa/0x250 [ice]\n ice_sriov_configure+0x8d7/0x1520 [ice]\n ? __percpu_ref_switch_mode+0x1b1/0x5d0\n ? __pfx_ice_sriov_configure+0x10/0x10 [ice]\n\nSometimes a KASAN report can be seen instead with a similar stack trace:\n BUG: KASAN: use-after-free in __list_add_valid_or_report+0xf1/0x100\n\nVFs are added to this list in ice_mbx_init_vf_info(), but only removed\nin ice_free_vfs(). Move the removing to ice_free_vf_entries(), which is\nalso being called in other places where VFs are being removed (including\nice_free_vfs() itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21883",
"url": "https://www.suse.com/security/cve/CVE-2025-21883"
},
{
"category": "external",
"summary": "SUSE Bug 1240189 for CVE-2025-21883",
"url": "https://bugzilla.suse.com/1240189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21884"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: better track kernel sockets lifetime\n\nWhile kernel sockets are dismantled during pernet_operations-\u003eexit(),\ntheir freeing can be delayed by any tx packets still held in qdisc\nor device queues, due to skb_set_owner_w() prior calls.\n\nThis then trigger the following warning from ref_tracker_dir_exit() [1]\n\nTo fix this, make sure that kernel sockets own a reference on net-\u003epassive.\n\nAdd sk_net_refcnt_upgrade() helper, used whenever a kernel socket\nis converted to a refcounted one.\n\n[1]\n\n[ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.263918][ T35] sk_alloc+0x2b3/0x370\n[ 136.263918][ T35] inet6_create+0x6ce/0x10f0\n[ 136.263918][ T35] __sock_create+0x4c0/0xa30\n[ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.263918][ T35] igmp6_net_init+0x39/0x390\n[ 136.263918][ T35] ops_init+0x31e/0x590\n[ 136.263918][ T35] setup_net+0x287/0x9e0\n[ 136.263918][ T35] copy_net_ns+0x33f/0x570\n[ 136.263918][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.263918][ T35] ksys_unshare+0x57d/0xa70\n[ 136.263918][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.263918][ T35] do_syscall_64+0xf3/0x230\n[ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 136.263918][ T35]\n[ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at\n[ 136.343488][ T35] sk_alloc+0x2b3/0x370\n[ 136.343488][ T35] inet6_create+0x6ce/0x10f0\n[ 136.343488][ T35] __sock_create+0x4c0/0xa30\n[ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250\n[ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0\n[ 136.343488][ T35] ops_init+0x31e/0x590\n[ 136.343488][ T35] setup_net+0x287/0x9e0\n[ 136.343488][ T35] copy_net_ns+0x33f/0x570\n[ 136.343488][ T35] create_new_namespaces+0x425/0x7b0\n[ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180\n[ 136.343488][ T35] ksys_unshare+0x57d/0xa70\n[ 136.343488][ T35] __x64_sys_unshare+0x38/0x40\n[ 136.343488][ T35] do_syscall_64+0xf3/0x230\n[ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21884",
"url": "https://www.suse.com/security/cve/CVE-2025-21884"
},
{
"category": "external",
"summary": "SUSE Bug 1240171 for CVE-2025-21884",
"url": "https://bugzilla.suse.com/1240171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21884"
},
{
"cve": "CVE-2025-21885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21885"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[ 566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[ 566.393799] \u003cTASK\u003e\n[ 566.393807] ? __die_body+0x1a/0x60\n[ 566.393823] ? die+0x38/0x60\n[ 566.393835] ? do_trap+0xe4/0x110\n[ 566.393847] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393867] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393881] ? do_error_trap+0x7c/0x120\n[ 566.393890] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393911] ? exc_divide_error+0x34/0x50\n[ 566.393923] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393939] ? asm_exc_divide_error+0x16/0x20\n[ 566.393966] ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[ 566.393997] bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[ 566.394040] bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[ 566.394057] ? srso_return_thunk+0x5/0x5f\n[ 566.394068] ? __init_swait_queue_head+0x4a/0x60\n[ 566.394090] ib_create_srq_user+0xa7/0x150 [ib_core]\n[ 566.394147] nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[ 566.394174] ? lock_release+0x22c/0x3f0\n[ 566.394187] ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21885",
"url": "https://www.suse.com/security/cve/CVE-2025-21885"
},
{
"category": "external",
"summary": "SUSE Bug 1240169 for CVE-2025-21885",
"url": "https://bugzilla.suse.com/1240169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21886"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP hang on parent deregistration\n\nFix the destroy_unused_implicit_child_mr() to prevent hanging during\nparent deregistration as of below [1].\n\nUpon entering destroy_unused_implicit_child_mr(), the reference count\nfor the implicit MR parent is incremented using:\nrefcount_inc_not_zero().\n\nA corresponding decrement must be performed if\nfree_implicit_child_mr_work() is not called.\n\nThe code has been updated to properly manage the reference count that\nwas incremented.\n\n[1]\nINFO: task python3:2157 blocked for more than 120 seconds.\nNot tainted 6.12.0-rc7+ #1633\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:python3 state:D stack:0 pid:2157 tgid:2157 ppid:1685 flags:0x00000000\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\n__mlx5_ib_dereg_mr+0x379/0x5d0 [mlx5_ib]\n? __pfx_autoremove_wake_function+0x10/0x10\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n __x64_sys_ioctl+0x1b0/0xa70\n? kmem_cache_free+0x221/0x400\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f20f21f017b\nRSP: 002b:00007ffcfc4a77c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffcfc4a78d8 RCX: 00007f20f21f017b\nRDX: 00007ffcfc4a78c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffcfc4a78a0 R08: 000056147d125190 R09: 00007f20f1f14c60\nR10: 0000000000000001 R11: 0000000000000246 R12: 00007ffcfc4a7890\nR13: 000000000000001c R14: 000056147d100fc0 R15: 00007f20e365c9d0\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21886",
"url": "https://www.suse.com/security/cve/CVE-2025-21886"
},
{
"category": "external",
"summary": "SUSE Bug 1240188 for CVE-2025-21886",
"url": "https://bugzilla.suse.com/1240188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21887"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up\n\nThe issue was caused by dput(upper) being called before\novl_dentry_update_reval(), while upper-\u003ed_flags was still\naccessed in ovl_dentry_remote().\n\nMove dput(upper) after its last use to prevent use-after-free.\n\nBUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\nBUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n ovl_dentry_remote fs/overlayfs/util.c:162 [inline]\n ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167\n ovl_link_up fs/overlayfs/copy_up.c:610 [inline]\n ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170\n ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223\n ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136\n vfs_rename+0xf84/0x20a0 fs/namei.c:4893\n...\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21887",
"url": "https://www.suse.com/security/cve/CVE-2025-21887"
},
{
"category": "external",
"summary": "SUSE Bug 1240176 for CVE-2025-21887",
"url": "https://bugzilla.suse.com/1240176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21887"
},
{
"cve": "CVE-2025-21888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21888"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a WARN during dereg_mr for DM type\n\nMemory regions (MR) of type DM (device memory) do not have an associated\numem.\n\nIn the __mlx5_ib_dereg_mr() -\u003e mlx5_free_priv_descs() flow, the code\nincorrectly takes the wrong branch, attempting to call\ndma_unmap_single() on a DMA address that is not mapped.\n\nThis results in a WARN [1], as shown below.\n\nThe issue is resolved by properly accounting for the DM type and\nensuring the correct branch is selected in mlx5_free_priv_descs().\n\n[1]\nWARNING: CPU: 12 PID: 1346 at drivers/iommu/dma-iommu.c:1230 iommu_dma_unmap_page+0x79/0x90\nModules linked in: ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry ovelay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\nCPU: 12 UID: 0 PID: 1346 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1631\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:iommu_dma_unmap_page+0x79/0x90\nCode: 2b 49 3b 29 72 26 49 3b 69 08 73 20 4d 89 f0 44 89 e9 4c 89 e2 48 89 ee 48 89 df 5b 5d 41 5c 41 5d 41 5e 41 5f e9 07 b8 88 ff \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 66 0f 1f 44 00\nRSP: 0018:ffffc90001913a10 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88810194b0a8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001\nRBP: ffff88810194b0a8 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f537abdd740(0000) GS:ffff88885fb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f537aeb8000 CR3: 000000010c248001 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x84/0x190\n? iommu_dma_unmap_page+0x79/0x90\n? report_bug+0xf8/0x1c0\n? handle_bug+0x55/0x90\n? exc_invalid_op+0x13/0x60\n? asm_exc_invalid_op+0x16/0x20\n? iommu_dma_unmap_page+0x79/0x90\ndma_unmap_page_attrs+0xe6/0x290\nmlx5_free_priv_descs+0xb0/0xe0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x37e/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0x116/0x170 [ib_uverbs]\n? lock_release+0xc6/0x280\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f537adaf17b\nCode: 0f 1e fa 48 8b 05 1d ad 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed ac 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffff218f0b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffff218f1d8 RCX: 00007f537adaf17b\nRDX: 00007ffff218f1c0 RSI: 00000000c0181b01 RDI: 0000000000000003\nRBP: 00007ffff218f1a0 R08: 00007f537aa8d010 R09: 0000561ee2e4f270\nR10: 00007f537aace3a8 R11: 0000000000000246 R12: 00007ffff218f190\nR13: 000000000000001c R14: 0000561ee2e4d7c0 R15: 00007ffff218f450\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21888",
"url": "https://www.suse.com/security/cve/CVE-2025-21888"
},
{
"category": "external",
"summary": "SUSE Bug 1240177 for CVE-2025-21888",
"url": "https://bugzilla.suse.com/1240177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Add RCU read lock protection to perf_iterate_ctx()\n\nThe perf_iterate_ctx() function performs RCU list traversal but\ncurrently lacks RCU read lock protection. This causes lockdep warnings\nwhen running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y:\n\n\tWARNING: suspicious RCU usage\n\tkernel/events/core.c:8168 RCU-list traversed in non-reader section!!\n\n\t Call Trace:\n\t lockdep_rcu_suspicious\n\t ? perf_event_addr_filters_apply\n\t perf_iterate_ctx\n\t perf_event_exec\n\t begin_new_exec\n\t ? load_elf_phdrs\n\t load_elf_binary\n\t ? lock_acquire\n\t ? find_held_lock\n\t ? bprm_execve\n\t bprm_execve\n\t do_execveat_common.isra.0\n\t __x64_sys_execve\n\t do_syscall_64\n\t entry_SYSCALL_64_after_hwframe\n\nThis protection was previously present but was removed in commit\nbd2756811766 (\"perf: Rewrite core context handling\"). Add back the\nnecessary rcu_read_lock()/rcu_read_unlock() pair around\nperf_iterate_ctx() call in perf_event_exec().\n\n[ mingo: Use scoped_guard() as suggested by Peter ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21889",
"url": "https://www.suse.com/security/cve/CVE-2025-21889"
},
{
"category": "external",
"summary": "SUSE Bug 1240167 for CVE-2025-21889",
"url": "https://bugzilla.suse.com/1240167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21889"
},
{
"cve": "CVE-2025-21890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21890"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix checksums set in idpf_rx_rsc()\n\nidpf_rx_rsc() uses skb_transport_offset(skb) while the transport header\nis not set yet.\n\nThis triggers the following warning for CONFIG_DEBUG_NET=y builds.\n\nDEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))\n\n[ 69.261620] WARNING: CPU: 7 PID: 0 at ./include/linux/skbuff.h:3020 idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261629] Modules linked in: vfat fat dummy bridge intel_uncore_frequency_tpmi intel_uncore_frequency_common intel_vsec_tpmi idpf intel_vsec cdc_ncm cdc_eem cdc_ether usbnet mii xhci_pci xhci_hcd ehci_pci ehci_hcd libeth\n[ 69.261644] CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Tainted: G S W 6.14.0-smp-DEV #1697\n[ 69.261648] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN\n[ 69.261650] RIP: 0010:idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261677] ? __warn (kernel/panic.c:242 kernel/panic.c:748)\n[ 69.261682] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261687] ? report_bug (lib/bug.c:?)\n[ 69.261690] ? handle_bug (arch/x86/kernel/traps.c:285)\n[ 69.261694] ? exc_invalid_op (arch/x86/kernel/traps.c:309)\n[ 69.261697] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 69.261700] ? __pfx_idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:4011) idpf\n[ 69.261704] ? idpf_vport_splitq_napi_poll (include/linux/skbuff.h:3020) idpf\n[ 69.261708] ? idpf_vport_splitq_napi_poll (drivers/net/ethernet/intel/idpf/idpf_txrx.c:3072) idpf\n[ 69.261712] __napi_poll (net/core/dev.c:7194)\n[ 69.261716] net_rx_action (net/core/dev.c:7265)\n[ 69.261718] ? __qdisc_run (net/sched/sch_generic.c:293)\n[ 69.261721] ? sched_clock (arch/x86/include/asm/preempt.h:84 arch/x86/kernel/tsc.c:288)\n[ 69.261726] handle_softirqs (kernel/softirq.c:561)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21890",
"url": "https://www.suse.com/security/cve/CVE-2025-21890"
},
{
"category": "external",
"summary": "SUSE Bug 1240173 for CVE-2025-21890",
"url": "https://bugzilla.suse.com/1240173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n ipv6_addr_type include/net/ipv6.h:555 [inline]\n ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n xmit_one net/core/dev.c:3735 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n qdisc_restart net/sched/sch_generic.c:408 [inline]\n __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n net_tx_action+0x78b/0x940 net/core/dev.c:5484\n handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n __do_softirq+0x14/0x1a kernel/softirq.c:595\n do_softirq+0x9a/0x100 kernel/softirq.c:462\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3132 [inline]\n packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n sock_sendmsg_nosec net/socket.c:718 [inline]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21891",
"url": "https://www.suse.com/security/cve/CVE-2025-21891"
},
{
"category": "external",
"summary": "SUSE Bug 1240186 for CVE-2025-21891",
"url": "https://bugzilla.suse.com/1240186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21892"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix the recovery flow of the UMR QP\n\nThis patch addresses an issue in the recovery flow of the UMR QP,\nensuring tasks do not get stuck, as highlighted by the call trace [1].\n\nDuring recovery, before transitioning the QP to the RESET state, the\nsoftware must wait for all outstanding WRs to complete.\n\nFailing to do so can cause the firmware to skip sending some flushed\nCQEs with errors and simply discard them upon the RESET, as per the IB\nspecification.\n\nThis race condition can result in lost CQEs and tasks becoming stuck.\n\nTo resolve this, the patch sends a final WR which serves only as a\nbarrier before moving the QP state to RESET.\n\nOnce a CQE is received for that final WR, it guarantees that no\noutstanding WRs remain, making it safe to transition the QP to RESET and\nsubsequently back to RTS, restoring proper functionality.\n\nNote:\nFor the barrier WR, we simply reuse the failed and ready WR.\nSince the QP is in an error state, it will only receive\nIB_WC_WR_FLUSH_ERR. However, as it serves only as a barrier we don\u0027t\ncare about its status.\n\n[1]\nINFO: task rdma_resource_l:1922 blocked for more than 120 seconds.\nTainted: G W 6.12.0-rc7+ #1626\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:rdma_resource_l state:D stack:0 pid:1922 tgid:1922 ppid:1369\n flags:0x00004004\nCall Trace:\n\u003cTASK\u003e\n__schedule+0x420/0xd30\nschedule+0x47/0x130\nschedule_timeout+0x280/0x300\n? mark_held_locks+0x48/0x80\n? lockdep_hardirqs_on_prepare+0xe5/0x1a0\nwait_for_completion+0x75/0x130\nmlx5r_umr_post_send_wait+0x3c2/0x5b0 [mlx5_ib]\n? __pfx_mlx5r_umr_done+0x10/0x10 [mlx5_ib]\nmlx5r_umr_revoke_mr+0x93/0xc0 [mlx5_ib]\n__mlx5_ib_dereg_mr+0x299/0x520 [mlx5_ib]\n? _raw_spin_unlock_irq+0x24/0x40\n? wait_for_completion+0xfe/0x130\n? rdma_restrack_put+0x63/0xe0 [ib_core]\nib_dereg_mr_user+0x5f/0x120 [ib_core]\n? lock_release+0xc6/0x280\ndestroy_hw_idr_uobject+0x1d/0x60 [ib_uverbs]\nuverbs_destroy_uobject+0x58/0x1d0 [ib_uverbs]\nuobj_destroy+0x3f/0x70 [ib_uverbs]\nib_uverbs_cmd_verbs+0x3e4/0xbb0 [ib_uverbs]\n? __pfx_uverbs_destroy_def_handler+0x10/0x10 [ib_uverbs]\n? __lock_acquire+0x64e/0x2080\n? mark_held_locks+0x48/0x80\n? find_held_lock+0x2d/0xa0\n? lock_acquire+0xc1/0x2f0\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n? __fget_files+0xc3/0x1b0\nib_uverbs_ioctl+0xe7/0x170 [ib_uverbs]\n? ib_uverbs_ioctl+0xcb/0x170 [ib_uverbs]\n__x64_sys_ioctl+0x1b0/0xa70\ndo_syscall_64+0x6b/0x140\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f99c918b17b\nRSP: 002b:00007ffc766d0468 EFLAGS: 00000246 ORIG_RAX:\n 0000000000000010\nRAX: ffffffffffffffda RBX: 00007ffc766d0578 RCX:\n 00007f99c918b17b\nRDX: 00007ffc766d0560 RSI: 00000000c0181b01 RDI:\n 0000000000000003\nRBP: 00007ffc766d0540 R08: 00007f99c8f99010 R09:\n 000000000000bd7e\nR10: 00007f99c94c1c70 R11: 0000000000000246 R12:\n 00007ffc766d0530\nR13: 000000000000001c R14: 0000000040246a80 R15:\n 0000000000000000\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21892",
"url": "https://www.suse.com/security/cve/CVE-2025-21892"
},
{
"category": "external",
"summary": "SUSE Bug 1240175 for CVE-2025-21892",
"url": "https://bugzilla.suse.com/1240175"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-21894",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21894"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[ 129.287769] Call trace:\n[ 129.290219] enetc_port_mac_wr+0x30/0xec (P)\n[ 129.294504] enetc_start_xmit+0xda4/0xe74\n[ 129.298525] enetc_xmit+0x70/0xec\n[ 129.301848] dev_hard_start_xmit+0x98/0x118",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21894",
"url": "https://www.suse.com/security/cve/CVE-2025-21894"
},
{
"category": "external",
"summary": "SUSE Bug 1240581 for CVE-2025-21894",
"url": "https://bugzilla.suse.com/1240581"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21894"
},
{
"cve": "CVE-2025-21895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n int count = 0;\n pid_t pid;\n\n printf(\"%d running\\n\", getpid());\n sleep(30);\n printf(\"running\\n\");\n\n pid = fork();\n if (pid == -1) {\n printf(\"fork error\\n\");\n return;\n }\n if (pid == 0) {\n while (1) {\n count++;\n }\n } else {\n while (1) {\n count++;\n }\n }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21895",
"url": "https://www.suse.com/security/cve/CVE-2025-21895"
},
{
"category": "external",
"summary": "SUSE Bug 1240585 for CVE-2025-21895",
"url": "https://bugzilla.suse.com/1240585"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21895"
},
{
"cve": "CVE-2025-21905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21905"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: limit printed string from FW file\n\nThere\u0027s no guarantee here that the file is always with a\nNUL-termination, so reading the string may read beyond the\nend of the TLV. If that\u0027s the last TLV in the file, it can\nperhaps even read beyond the end of the file buffer.\n\nFix that by limiting the print format to the size of the\nbuffer we have.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21905",
"url": "https://www.suse.com/security/cve/CVE-2025-21905"
},
{
"category": "external",
"summary": "SUSE Bug 1240575 for CVE-2025-21905",
"url": "https://bugzilla.suse.com/1240575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21905"
},
{
"cve": "CVE-2025-21906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21906"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: clean up ROC on failure\n\nIf the firmware fails to start the session protection, then we\ndo call iwl_mvm_roc_finished() here, but that won\u0027t do anything\nat all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set.\nSet IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path.\nIf it started successfully before, it\u0027s already set, so that\ndoesn\u0027t matter, and if it didn\u0027t start it needs to be set to\nclean up.\n\nNot doing so will lead to a WARN_ON() later on a fresh remain-\non-channel, since the link is already active when activated as\nit was never deactivated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21906",
"url": "https://www.suse.com/security/cve/CVE-2025-21906"
},
{
"category": "external",
"summary": "SUSE Bug 1240587 for CVE-2025-21906",
"url": "https://bugzilla.suse.com/1240587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21906"
},
{
"cve": "CVE-2025-21908",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21908"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS\u0027s call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21908",
"url": "https://www.suse.com/security/cve/CVE-2025-21908"
},
{
"category": "external",
"summary": "SUSE Bug 1240600 for CVE-2025-21908",
"url": "https://bugzilla.suse.com/1240600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21908"
},
{
"cve": "CVE-2025-21909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21909",
"url": "https://www.suse.com/security/cve/CVE-2025-21909"
},
{
"category": "external",
"summary": "SUSE Bug 1240590 for CVE-2025-21909",
"url": "https://bugzilla.suse.com/1240590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21909"
},
{
"cve": "CVE-2025-21910",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21910"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: regulatory: improve invalid hints checking\n\nSyzbot keeps reporting an issue [1] that occurs when erroneous symbols\nsent from userspace get through into user_alpha2[] via\nregulatory_hint_user() call. Such invalid regulatory hints should be\nrejected.\n\nWhile a sanity check from commit 47caf685a685 (\"cfg80211: regulatory:\nreject invalid hints\") looks to be enough to deter these very cases,\nthere is a way to get around it due to 2 reasons.\n\n1) The way isalpha() works, symbols other than latin lower and\nupper letters may be used to determine a country/domain.\nFor instance, greek letters will also be considered upper/lower\nletters and for such characters isalpha() will return true as well.\nHowever, ISO-3166-1 alpha2 codes should only hold latin\ncharacters.\n\n2) While processing a user regulatory request, between\nreg_process_hint_user() and regulatory_hint_user() there happens to\nbe a call to queue_regulatory_request() which modifies letters in\nrequest-\u003ealpha2[] with toupper(). This works fine for latin symbols,\nless so for weird letter characters from the second part of _ctype[].\n\nSyzbot triggers a warning in is_user_regdom_saved() by first sending\nover an unexpected non-latin letter that gets malformed by toupper()\ninto a character that ends up failing isalpha() check.\n\nPrevent this by enhancing is_an_alpha2() to ensure that incoming\nsymbols are latin letters and nothing else.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nUnexpected user alpha2: A\ufffd\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline]\nWARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\nModules linked in:\nCPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_power_efficient crda_timeout_work\nRIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline]\nRIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline]\nRIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516\n...\nCall Trace:\n \u003cTASK\u003e\n crda_timeout_work+0x27/0x50 net/wireless/reg.c:542\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21910",
"url": "https://www.suse.com/security/cve/CVE-2025-21910"
},
{
"category": "external",
"summary": "SUSE Bug 1240583 for CVE-2025-21910",
"url": "https://bugzilla.suse.com/1240583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21910"
},
{
"cve": "CVE-2025-21912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (\u0026p-\u003elock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(\u0026entry-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027bitclock-master\u0027 with a value.\n [ 4.264803] (\u0026dev-\u003emutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property \u0027frame-master\u0027 with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21912",
"url": "https://www.suse.com/security/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "SUSE Bug 1240584 for CVE-2025-21912",
"url": "https://bugzilla.suse.com/1240584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21912"
},
{
"cve": "CVE-2025-21913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21913"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()\n\nXen doesn\u0027t offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results\nin the following warning:\n\n unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0)\n Call Trace:\n xen_read_msr+0x1e/0x30\n amd_get_mmconfig_range+0x2b/0x80\n quirk_amd_mmconfig_area+0x28/0x100\n pnp_fixup_device+0x39/0x50\n __pnp_add_device+0xf/0x150\n pnp_add_device+0x3d/0x100\n pnpacpi_add_device_handler+0x1f9/0x280\n acpi_ns_get_device_callback+0x104/0x1c0\n acpi_ns_walk_namespace+0x1d0/0x260\n acpi_get_devices+0x8a/0xb0\n pnpacpi_init+0x50/0x80\n do_one_initcall+0x46/0x2e0\n kernel_init_freeable+0x1da/0x2f0\n kernel_init+0x16/0x1b0\n ret_from_fork+0x30/0x50\n ret_from_fork_asm+0x1b/0x30\n\nbased on quirks for a \"PNP0c01\" device. Treating MMCFG as disabled is the\nright course of action, so no change is needed there.\n\nThis was most likely exposed by fixing the Xen MSR accessors to not be\nsilently-safe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21913",
"url": "https://www.suse.com/security/cve/CVE-2025-21913"
},
{
"category": "external",
"summary": "SUSE Bug 1240591 for CVE-2025-21913",
"url": "https://bugzilla.suse.com/1240591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21913"
},
{
"cve": "CVE-2025-21914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21914"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: messaging: Free transaction ID in delayed interrupt scenario\n\nIn case of interrupt delay for any reason, slim_do_transfer()\nreturns timeout error but the transaction ID (TID) is not freed.\nThis results into invalid memory access inside\nqcom_slim_ngd_rx_msgq_cb() due to invalid TID.\n\nFix the issue by freeing the TID in slim_do_transfer() before\nreturning timeout error to avoid invalid memory access.\n\nCall trace:\n__memcpy_fromio+0x20/0x190\nqcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl]\nvchan_complete+0x2a0/0x4a0\ntasklet_action_common+0x274/0x700\ntasklet_action+0x28/0x3c\n_stext+0x188/0x620\nrun_ksoftirqd+0x34/0x74\nsmpboot_thread_fn+0x1d8/0x464\nkthread+0x178/0x238\nret_from_fork+0x10/0x20\nCode: aa0003e8 91000429 f100044a 3940002b (3800150b)\n---[ end trace 0fe00bec2b975c99 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21914",
"url": "https://www.suse.com/security/cve/CVE-2025-21914"
},
{
"category": "external",
"summary": "SUSE Bug 1240595 for CVE-2025-21914",
"url": "https://bugzilla.suse.com/1240595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21914"
},
{
"cve": "CVE-2025-21915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21915"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21915",
"url": "https://www.suse.com/security/cve/CVE-2025-21915"
},
{
"category": "external",
"summary": "SUSE Bug 1240594 for CVE-2025-21915",
"url": "https://bugzilla.suse.com/1240594"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21915"
},
{
"cve": "CVE-2025-21916",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21916"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix a flaw in existing endpoint checks\n\nSyzbot once again identified a flaw in usb endpoint checking, see [1].\nThis time the issue stems from a commit authored by me (2eabb655a968\n(\"usb: atm: cxacru: fix endpoint checking in cxacru_bind()\")).\n\nWhile using usb_find_common_endpoints() may usually be enough to\ndiscard devices with wrong endpoints, in this case one needs more\nthan just finding and identifying the sufficient number of endpoints\nof correct types - one needs to check the endpoint\u0027s address as well.\n\nSince cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,\nswitch the endpoint verification approach to usb_check_XXX_endpoints()\ninstead to fix incomplete ep testing.\n\n[1] Syzbot report:\nusb 5-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nRIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649\n cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]\n cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223\n usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058\n cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377\n usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396\n really_probe+0x2b9/0xad0 drivers/base/dd.c:658\n __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800\n driver_probe_device+0x50/0x430 drivers/base/dd.c:830\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21916",
"url": "https://www.suse.com/security/cve/CVE-2025-21916"
},
{
"category": "external",
"summary": "SUSE Bug 1240582 for CVE-2025-21916",
"url": "https://bugzilla.suse.com/1240582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21916"
},
{
"cve": "CVE-2025-21917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21917"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Flush the notify_hotplug_work\n\nWhen performing continuous unbind/bind operations on the USB drivers\navailable on the Renesas RZ/G2L SoC, a kernel crash with the message\n\"Unable to handle kernel NULL pointer dereference at virtual address\"\nmay occur. This issue points to the usbhsc_notify_hotplug() function.\n\nFlush the delayed work to avoid its execution when driver resources are\nunavailable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21917",
"url": "https://www.suse.com/security/cve/CVE-2025-21917"
},
{
"category": "external",
"summary": "SUSE Bug 1240596 for CVE-2025-21917",
"url": "https://bugzilla.suse.com/1240596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21917"
},
{
"cve": "CVE-2025-21918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21918",
"url": "https://www.suse.com/security/cve/CVE-2025-21918"
},
{
"category": "external",
"summary": "SUSE Bug 1240592 for CVE-2025-21918",
"url": "https://bugzilla.suse.com/1240592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21918"
},
{
"cve": "CVE-2025-21922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21922"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n\u0027\u0027\u0027\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, \u0026fp, \"ip and outbound\", 0, 0);\nbpf_dump(\u0026fp, 1);\n\u0027\u0027\u0027\nIts output is:\n\u0027\u0027\u0027\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n\u0027\u0027\u0027\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n\u0027Protocol\u0027 field to determine if it\u0027s an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won\u0027t be\nused, so it\u0027s not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC\u0026x=11994913980000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21922",
"url": "https://www.suse.com/security/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "SUSE Bug 1240639 for CVE-2025-21922",
"url": "https://bugzilla.suse.com/1240639"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21922"
},
{
"cve": "CVE-2025-21923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-steam: Fix use-after-free when detaching device\n\nWhen a hid-steam device is removed it must clean up the client_hdev used for\nintercepting hidraw access. This can lead to scheduling deferred work to\nreattach the input device. Though the cleanup cancels the deferred work, this\nwas done before the client_hdev itself is cleaned up, so it gets rescheduled.\nThis patch fixes the ordering to make sure the deferred work is properly\ncanceled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21923",
"url": "https://www.suse.com/security/cve/CVE-2025-21923"
},
{
"category": "external",
"summary": "SUSE Bug 1240691 for CVE-2025-21923",
"url": "https://bugzilla.suse.com/1240691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21923"
},
{
"cve": "CVE-2025-21924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error\n\nDuring the initialization of ptp, hclge_ptp_get_cycle might return an error\nand returned directly without unregister clock and free it. To avoid that,\ncall hclge_ptp_destroy_clock to unregist and free clock if\nhclge_ptp_get_cycle failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21924",
"url": "https://www.suse.com/security/cve/CVE-2025-21924"
},
{
"category": "external",
"summary": "SUSE Bug 1240720 for CVE-2025-21924",
"url": "https://bugzilla.suse.com/1240720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21924"
},
{
"cve": "CVE-2025-21927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21927"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn\u0027t check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21927",
"url": "https://www.suse.com/security/cve/CVE-2025-21927"
},
{
"category": "external",
"summary": "SUSE Bug 1240714 for CVE-2025-21927",
"url": "https://bugzilla.suse.com/1240714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21927"
},
{
"cve": "CVE-2025-21928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21928"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21928",
"url": "https://www.suse.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "SUSE Bug 1240722 for CVE-2025-21928",
"url": "https://bugzilla.suse.com/1240722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21928"
},
{
"cve": "CVE-2025-21930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21930"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t try to talk to a dead firmware\n\nThis fixes:\n\n bad state = 0\n WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi]\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0xca/0x1c0\n ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4]\n _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]\n\nAsk whether the firmware is alive before sending a command.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21930",
"url": "https://www.suse.com/security/cve/CVE-2025-21930"
},
{
"category": "external",
"summary": "SUSE Bug 1240715 for CVE-2025-21930",
"url": "https://bugzilla.suse.com/1240715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21930"
},
{
"cve": "CVE-2025-21934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: fix an API misues when rio_add_net() fails\n\nrio_add_net() calls device_register() and fails when device_register()\nfails. Thus, put_device() should be used rather than kfree(). Add\n\"mport-\u003enet = NULL;\" to avoid a use after free issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21934",
"url": "https://www.suse.com/security/cve/CVE-2025-21934"
},
{
"category": "external",
"summary": "SUSE Bug 1240708 for CVE-2025-21934",
"url": "https://bugzilla.suse.com/1240708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21934"
},
{
"cve": "CVE-2025-21935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21935"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: add check for rio_add_net() in rio_scan_alloc_net()\n\nThe return value of rio_add_net() should be checked. If it fails,\nput_device() should be called to free the memory and give up the reference\ninitialized in rio_add_net().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21935",
"url": "https://www.suse.com/security/cve/CVE-2025-21935"
},
{
"category": "external",
"summary": "SUSE Bug 1240700 for CVE-2025-21935",
"url": "https://bugzilla.suse.com/1240700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21935"
},
{
"cve": "CVE-2025-21936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21936"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_device_connected() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21936",
"url": "https://www.suse.com/security/cve/CVE-2025-21936"
},
{
"category": "external",
"summary": "SUSE Bug 1240716 for CVE-2025-21936",
"url": "https://bugzilla.suse.com/1240716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21936"
},
{
"cve": "CVE-2025-21937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()\n\nAdd check for the return value of mgmt_alloc_skb() in\nmgmt_remote_name() to prevent null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21937",
"url": "https://www.suse.com/security/cve/CVE-2025-21937"
},
{
"category": "external",
"summary": "SUSE Bug 1240643 for CVE-2025-21937",
"url": "https://bugzilla.suse.com/1240643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21937"
},
{
"cve": "CVE-2025-21941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21941"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx-\u003eplane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx-\u003eplane_state\nis null. The fix adds a check to ensure \u0027pipe_ctx-\u003eplane_state\u0027 is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21941",
"url": "https://www.suse.com/security/cve/CVE-2025-21941"
},
{
"category": "external",
"summary": "SUSE Bug 1240701 for CVE-2025-21941",
"url": "https://bugzilla.suse.com/1240701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21941"
},
{
"cve": "CVE-2025-21943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: aggregator: protect driver attr handlers against module unload\n\nBoth new_device_store and delete_device_store touch module global\nresources (e.g. gpio_aggregator_lock). To prevent race conditions with\nmodule unload, a reference needs to be held.\n\nAdd try_module_get() in these handlers.\n\nFor new_device_store, this eliminates what appears to be the most dangerous\nscenario: if an id is allocated from gpio_aggregator_idr but\nplatform_device_register has not yet been called or completed, a concurrent\nmodule unload could fail to unregister/delete the device, leaving behind a\ndangling platform device/GPIO forwarder. This can result in various issues.\nThe following simple reproducer demonstrates these problems:\n\n #!/bin/bash\n while :; do\n # note: whether \u0027gpiochip0 0\u0027 exists or not does not matter.\n echo \u0027gpiochip0 0\u0027 \u003e /sys/bus/platform/drivers/gpio-aggregator/new_device\n done \u0026\n while :; do\n modprobe gpio-aggregator\n modprobe -r gpio-aggregator\n done \u0026\n wait\n\n Starting with the following warning, several kinds of warnings will appear\n and the system may become unstable:\n\n ------------[ cut here ]------------\n list_del corruption, ffff888103e2e980-\u003enext is LIST_POISON1 (dead000000000100)\n WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120\n [...]\n RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? __warn.cold+0x93/0xf2\n ? __list_del_entry_valid_or_report+0xa3/0x120\n ? report_bug+0xe6/0x170\n ? __irq_work_queue_local+0x39/0xe0\n ? handle_bug+0x58/0x90\n ? exc_invalid_op+0x13/0x60\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_del_entry_valid_or_report+0xa3/0x120\n gpiod_remove_lookup_table+0x22/0x60\n new_device_store+0x315/0x350 [gpio_aggregator]\n kernfs_fop_write_iter+0x137/0x1f0\n vfs_write+0x262/0x430\n ksys_write+0x60/0xd0\n do_syscall_64+0x6c/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21943",
"url": "https://www.suse.com/security/cve/CVE-2025-21943"
},
{
"category": "external",
"summary": "SUSE Bug 1240647 for CVE-2025-21943",
"url": "https://bugzilla.suse.com/1240647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21943"
},
{
"cve": "CVE-2025-21948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: appleir: Fix potential NULL dereference at raw event handle\n\nSyzkaller reports a NULL pointer dereference issue in input_event().\n\nBUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]\nBUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline]\nBUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395\nRead of size 8 at addr 0000000000000028 by task syz-executor199/2949\n\nCPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n check_region_inline mm/kasan/generic.c:183 [inline]\n kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n is_event_supported drivers/input/input.c:67 [inline]\n input_event+0x42/0xa0 drivers/input/input.c:395\n input_report_key include/linux/input.h:439 [inline]\n key_down drivers/hid/hid-appleir.c:159 [inline]\n appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232\n __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111\n hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484\n __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650\n usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734\n dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993\n __run_hrtimer kernel/time/hrtimer.c:1739 [inline]\n __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803\n hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820\n handle_softirqs+0x206/0x8d0 kernel/softirq.c:561\n __do_softirq kernel/softirq.c:595 [inline]\n invoke_softirq kernel/softirq.c:435 [inline]\n __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:678\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702\n __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185\n add_timer+0x62/0x90 kernel/time/timer.c:1295\n schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98\n usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645\n usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784\n hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nThis happens due to the malformed report items sent by the emulated device\nwhich results in a report, that has no fields, being added to the report list.\nDue to this appleir_input_configured() is never called, hidinput_connect()\nfails which results in the HID_CLAIMED_INPUT flag is not being set. However,\nit does not make appleir_probe() fail and lets the event callback to be\ncalled without the associated input device.\n\nThus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook\nearly if the driver didn\u0027t claim any input_dev for some reason. Moreover,\nsome other hid drivers accessing input_dev in their event callbacks do have\nsimilar checks, too.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21948",
"url": "https://www.suse.com/security/cve/CVE-2025-21948"
},
{
"category": "external",
"summary": "SUSE Bug 1240703 for CVE-2025-21948",
"url": "https://bugzilla.suse.com/1240703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21948"
},
{
"cve": "CVE-2025-21950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21950"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl\n\nIn the \"pmcmd_ioctl\" function, three memory objects allocated by\nkmalloc are initialized by \"hcall_get_cpu_state\", which are then\ncopied to user space. The initializer is indeed implemented in\n\"acrn_hypercall2\" (arch/x86/include/asm/acrn.h). There is a risk of\ninformation leakage due to uninitialized bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21950",
"url": "https://www.suse.com/security/cve/CVE-2025-21950"
},
{
"category": "external",
"summary": "SUSE Bug 1240719 for CVE-2025-21950",
"url": "https://bugzilla.suse.com/1240719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21950"
},
{
"cve": "CVE-2025-21951",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21951"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock\n\nThere are multiple places from where the recovery work gets scheduled\nasynchronously. Also, there are multiple places where the caller waits\nsynchronously for the recovery to be completed. One such place is during\nthe PM shutdown() callback.\n\nIf the device is not alive during recovery_work, it will try to reset the\ndevice using pci_reset_function(). This function internally will take the\ndevice_lock() first before resetting the device. By this time, if the lock\nhas already been acquired, then recovery_work will get stalled while\nwaiting for the lock. And if the lock was already acquired by the caller\nwhich waits for the recovery_work to be completed, it will lead to\ndeadlock.\n\nThis is what happened on the X1E80100 CRD device when the device died\nbefore shutdown() callback. Driver core calls the driver\u0027s shutdown()\ncallback while holding the device_lock() leading to deadlock.\n\nAnd this deadlock scenario can occur on other paths as well, like during\nthe PM suspend() callback, where the driver core would hold the\ndevice_lock() before calling driver\u0027s suspend() callback. And if the\nrecovery_work was already started, it could lead to deadlock. This is also\nobserved on the X1E80100 CRD.\n\nSo to fix both issues, use pci_try_reset_function() in recovery_work. This\nfunction first checks for the availability of the device_lock() before\ntrying to reset the device. If the lock is available, it will acquire it\nand reset the device. Otherwise, it will return -EAGAIN. If that happens,\nrecovery_work will fail with the error message \"Recovery failed\" as not\nmuch could be done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21951",
"url": "https://www.suse.com/security/cve/CVE-2025-21951"
},
{
"category": "external",
"summary": "SUSE Bug 1240718 for CVE-2025-21951",
"url": "https://bugzilla.suse.com/1240718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21951"
},
{
"cve": "CVE-2025-21953",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21953"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: cleanup mana struct after debugfs_remove()\n\nWhen on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),\nmana_gd_suspend() and mana_gd_resume() are called. If during this\nmana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs\npointer does not get reinitialized and ends up pointing to older,\ncleaned-up dentry.\nFurther in the hibernation path, as part of power_down(), mana_gd_shutdown()\nis triggered. This call, unaware of the failures in resume, tries to cleanup\nthe already cleaned up mana_port_debugfs value and hits the following bug:\n\n[ 191.359296] mana 7870:00:00.0: Shutdown was called\n[ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ 191.360584] #PF: supervisor write access in kernel mode\n[ 191.361125] #PF: error_code(0x0002) - not-present page\n[ 191.361727] PGD 1080ea067 P4D 0\n[ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI\n[ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2\n[ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 191.364124] RIP: 0010:down_write+0x19/0x50\n[ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 \u003cf0\u003e 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d\n[ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246\n[ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000\n[ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098\n[ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001\n[ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000\n[ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020\n[ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000\n[ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0\n[ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 191.372906] Call Trace:\n[ 191.373262] \u003cTASK\u003e\n[ 191.373621] ? show_regs+0x64/0x70\n[ 191.374040] ? __die+0x24/0x70\n[ 191.374468] ? page_fault_oops+0x290/0x5b0\n[ 191.374875] ? do_user_addr_fault+0x448/0x800\n[ 191.375357] ? exc_page_fault+0x7a/0x160\n[ 191.375971] ? asm_exc_page_fault+0x27/0x30\n[ 191.376416] ? down_write+0x19/0x50\n[ 191.376832] ? down_write+0x12/0x50\n[ 191.377232] simple_recursive_removal+0x4a/0x2a0\n[ 191.377679] ? __pfx_remove_one+0x10/0x10\n[ 191.378088] debugfs_remove+0x44/0x70\n[ 191.378530] mana_detach+0x17c/0x4f0\n[ 191.378950] ? __flush_work+0x1e2/0x3b0\n[ 191.379362] ? __cond_resched+0x1a/0x50\n[ 191.379787] mana_remove+0xf2/0x1a0\n[ 191.380193] mana_gd_shutdown+0x3b/0x70\n[ 191.380642] pci_device_shutdown+0x3a/0x80\n[ 191.381063] device_shutdown+0x13e/0x230\n[ 191.381480] kernel_power_off+0x35/0x80\n[ 191.381890] hibernate+0x3c6/0x470\n[ 191.382312] state_store+0xcb/0xd0\n[ 191.382734] kobj_attr_store+0x12/0x30\n[ 191.383211] sysfs_kf_write+0x3e/0x50\n[ 191.383640] kernfs_fop_write_iter+0x140/0x1d0\n[ 191.384106] vfs_write+0x271/0x440\n[ 191.384521] ksys_write+0x72/0xf0\n[ 191.384924] __x64_sys_write+0x19/0x20\n[ 191.385313] x64_sys_call+0x2b0/0x20b0\n[ 191.385736] do_syscall_64+0x79/0x150\n[ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240\n[ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0\n[ 191.387124] ? __pfx_lru_add+0x10/0x10\n[ 191.387515] ? queued_spin_unlock+0x9/0x10\n[ 191.387937] ? do_anonymous_page+0x33c/0xa00\n[ 191.388374] ? __handle_mm_fault+0xcf3/0x1210\n[ 191.388805] ? __count_memcg_events+0xbe/0x180\n[ 191.389235] ? handle_mm_fault+0xae/0x300\n[ 19\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21953",
"url": "https://www.suse.com/security/cve/CVE-2025-21953"
},
{
"category": "external",
"summary": "SUSE Bug 1240727 for CVE-2025-21953",
"url": "https://bugzilla.suse.com/1240727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21953"
},
{
"cve": "CVE-2025-21956",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21956"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n\n[WHY \u0026 HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\n\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\n\nAlso fixes the indentation in get_norm_pix_clk.\n\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21956",
"url": "https://www.suse.com/security/cve/CVE-2025-21956"
},
{
"category": "external",
"summary": "SUSE Bug 1240739 for CVE-2025-21956",
"url": "https://bugzilla.suse.com/1240739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21956"
},
{
"cve": "CVE-2025-21957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level \u003e 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level \u003e 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21957",
"url": "https://www.suse.com/security/cve/CVE-2025-21957"
},
{
"category": "external",
"summary": "SUSE Bug 1240742 for CVE-2025-21957",
"url": "https://bugzilla.suse.com/1240742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21957"
},
{
"cve": "CVE-2025-21960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21960"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: do not update checksum in bnxt_xdp_build_skb()\n\nThe bnxt_rx_pkt() updates ip_summed value at the end if checksum offload\nis enabled.\nWhen the XDP-MB program is attached and it returns XDP_PASS, the\nbnxt_xdp_build_skb() is called to update skb_shared_info.\nThe main purpose of bnxt_xdp_build_skb() is to update skb_shared_info,\nbut it updates ip_summed value too if checksum offload is enabled.\nThis is actually duplicate work.\n\nWhen the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed\nis CHECKSUM_NONE or not.\nIt means that ip_summed should be CHECKSUM_NONE at this moment.\nBut ip_summed may already be updated to CHECKSUM_UNNECESSARY in the\nXDP-MB-PASS path.\nSo the by skb_checksum_none_assert() WARNS about it.\n\nThis is duplicate work and updating ip_summed in the\nbnxt_xdp_build_skb() is not needed.\n\nSplat looks like:\nWARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nModules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_]\nCPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27\nTainted: [W]=WARN\nHardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021\nRIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en]\nCode: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff \u003c0f\u003e 0b f\nRSP: 0018:ffff88881ba09928 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000\nRDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8\nRBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070\nR10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080\nR13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000\nFS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? __warn+0xcd/0x2f0\n ? bnxt_rx_pkt+0x479b/0x7610\n ? report_bug+0x326/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x14/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? bnxt_rx_pkt+0x479b/0x7610\n ? bnxt_rx_pkt+0x3e41/0x7610\n ? __pfx_bnxt_rx_pkt+0x10/0x10\n ? napi_complete_done+0x2cf/0x7d0\n __bnxt_poll_work+0x4e8/0x1220\n ? __pfx___bnxt_poll_work+0x10/0x10\n ? __pfx_mark_lock.part.0+0x10/0x10\n bnxt_poll_p5+0x36a/0xfa0\n ? __pfx_bnxt_poll_p5+0x10/0x10\n __napi_poll.constprop.0+0xa0/0x440\n net_rx_action+0x899/0xd00\n...\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going\nto be able to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21960",
"url": "https://www.suse.com/security/cve/CVE-2025-21960"
},
{
"category": "external",
"summary": "SUSE Bug 1240815 for CVE-2025-21960",
"url": "https://bugzilla.suse.com/1240815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21960"
},
{
"cve": "CVE-2025-21961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21961"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: fix truesize for mb-xdp-pass case\n\nWhen mb-xdp is set and return is XDP_PASS, packet is converted from\nxdp_buff to sk_buff with xdp_update_skb_shared_info() in\nbnxt_xdp_build_skb().\nbnxt_xdp_build_skb() passes incorrect truesize argument to\nxdp_update_skb_shared_info().\nThe truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo-\u003enr_frags but\nthe skb_shared_info was wiped by napi_build_skb() before.\nSo it stores sinfo-\u003enr_frags before bnxt_xdp_build_skb() and use it\ninstead of getting skb_shared_info from xdp_get_shared_info_from_buff().\n\nSplat looks like:\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590\n Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms\n CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3\n RIP: 0010:skb_try_coalesce+0x504/0x590\n Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff \u003c0f\u003e 0b e99\n RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287\n RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0\n RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003\n RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900\n R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740\n R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n ? __warn+0x84/0x130\n ? skb_try_coalesce+0x504/0x590\n ? report_bug+0x18a/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? skb_try_coalesce+0x504/0x590\n inet_frag_reasm_finish+0x11f/0x2e0\n ip_defrag+0x37a/0x900\n ip_local_deliver+0x51/0x120\n ip_sublist_rcv_finish+0x64/0x70\n ip_sublist_rcv+0x179/0x210\n ip_list_rcv+0xf9/0x130\n\nHow to reproduce:\n\u003cNode A\u003e\nip link set $interface1 xdp obj xdp_pass.o\nip link set $interface1 mtu 9000 up\nip a a 10.0.0.1/24 dev $interface1\n\u003cNode B\u003e\nip link set $interfac2 mtu 9000 up\nip a a 10.0.0.2/24 dev $interface2\nping 10.0.0.1 -s 65000\n\nFollowing ping.py patch adds xdp-mb-pass case. so ping.py is going to be\nable to reproduce this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21961",
"url": "https://www.suse.com/security/cve/CVE-2025-21961"
},
{
"category": "external",
"summary": "SUSE Bug 1240816 for CVE-2025-21961",
"url": "https://bugzilla.suse.com/1240816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21961"
},
{
"cve": "CVE-2025-21966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21966"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-flakey: Fix memory corruption in optional corrupt_bio_byte feature\n\nFix memory corruption due to incorrect parameter being passed to bio_init",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21966",
"url": "https://www.suse.com/security/cve/CVE-2025-21966"
},
{
"category": "external",
"summary": "SUSE Bug 1240779 for CVE-2025-21966",
"url": "https://bugzilla.suse.com/1240779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21966"
},
{
"cve": "CVE-2025-21968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free on hdcp_work\n\n[Why]\nA slab-use-after-free is reported when HDCP is destroyed but the\nproperty_validate_dwork queue is still running.\n\n[How]\nCancel the delayed work when destroying workqueue.\n\n(cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21968",
"url": "https://www.suse.com/security/cve/CVE-2025-21968"
},
{
"category": "external",
"summary": "SUSE Bug 1240783 for CVE-2025-21968",
"url": "https://bugzilla.suse.com/1240783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21968"
},
{
"cve": "CVE-2025-21969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21969",
"url": "https://www.suse.com/security/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "SUSE Bug 1240784 for CVE-2025-21969",
"url": "https://bugzilla.suse.com/1240784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21969"
},
{
"cve": "CVE-2025-21970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Bridge, fix the crash caused by LAG state check\n\nWhen removing LAG device from bridge, NETDEV_CHANGEUPPER event is\ntriggered. Driver finds the lower devices (PFs) to flush all the\noffloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns\nfalse if one of PF is unloaded. In such case,\nmlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of\nthe alive PF, and the flush is skipped.\n\nBesides, the bridge fdb entry\u0027s lastuse is updated in mlx5 bridge\nevent handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be\nignored in this case because the upper interface for bond is deleted,\nand the entry will never be aged because lastuse is never updated.\n\nTo make things worse, as the entry is alive, mlx5 bridge workqueue\nkeeps sending that event, which is then handled by kernel bridge\nnotifier. It causes the following crash when accessing the passed bond\nnetdev which is already destroyed.\n\nTo fix this issue, remove such checks. LAG state is already checked in\ncommit 15f8f168952f (\"net/mlx5: Bridge, verify LAG state when adding\nbond to bridge\"), driver still need to skip offload if LAG becomes\ninvalid state after initialization.\n\n Oops: stack segment: 0000 [#1] SMP\n CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core]\n RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge]\n Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 \u003c4c\u003e 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7\n RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297\n RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff\n RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0\n RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60\n R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die_body+0x1a/0x60\n ? die+0x38/0x60\n ? do_trap+0x10b/0x120\n ? do_error_trap+0x64/0xa0\n ? exc_stack_segment+0x33/0x50\n ? asm_exc_stack_segment+0x22/0x30\n ? br_switchdev_event+0x2c/0x110 [bridge]\n ? sched_balance_newidle.isra.149+0x248/0x390\n notifier_call_chain+0x4b/0xa0\n atomic_notifier_call_chain+0x16/0x20\n mlx5_esw_bridge_update+0xec/0x170 [mlx5_core]\n mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core]\n process_scheduled_works+0x81/0x390\n worker_thread+0x106/0x250\n ? bh_worker+0x110/0x110\n kthread+0xb7/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21970",
"url": "https://www.suse.com/security/cve/CVE-2025-21970"
},
{
"category": "external",
"summary": "SUSE Bug 1240819 for CVE-2025-21970",
"url": "https://bugzilla.suse.com/1240819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21970"
},
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-21972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn\u0027t shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don\u0027t share SKBs.\n\nA kunit test is added to reproduce the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21972",
"url": "https://www.suse.com/security/cve/CVE-2025-21972"
},
{
"category": "external",
"summary": "SUSE Bug 1240813 for CVE-2025-21972",
"url": "https://bugzilla.suse.com/1240813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21972"
},
{
"cve": "CVE-2025-21975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21975"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: handle errors in mlx5_chains_create_table()\n\nIn mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns()\nand mlx5_get_flow_namespace() must be checked to prevent NULL pointer\ndereferences. If either function fails, the function should log error\nmessage with mlx5_core_warn() and return error pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21975",
"url": "https://www.suse.com/security/cve/CVE-2025-21975"
},
{
"category": "external",
"summary": "SUSE Bug 1240812 for CVE-2025-21975",
"url": "https://bugzilla.suse.com/1240812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21975"
},
{
"cve": "CVE-2025-21978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hyperv: Fix address space leak when Hyper-V DRM device is removed\n\nWhen a Hyper-V DRM device is probed, the driver allocates MMIO space for\nthe vram, and maps it cacheable. If the device removed, or in the error\npath for device probing, the MMIO space is released but no unmap is done.\nConsequently the kernel address space for the mapping is leaked.\n\nFix this by adding iounmap() calls in the device removal path, and in the\nerror path during device probing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21978",
"url": "https://www.suse.com/security/cve/CVE-2025-21978"
},
{
"category": "external",
"summary": "SUSE Bug 1240806 for CVE-2025-21978",
"url": "https://bugzilla.suse.com/1240806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21978"
},
{
"cve": "CVE-2025-21979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit\u0027ll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21979",
"url": "https://www.suse.com/security/cve/CVE-2025-21979"
},
{
"category": "external",
"summary": "SUSE Bug 1240808 for CVE-2025-21979",
"url": "https://bugzilla.suse.com/1240808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21979"
},
{
"cve": "CVE-2025-21981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix memory leak in aRFS after reset\n\nFix aRFS (accelerated Receive Flow Steering) structures memory leak by\nadding a checker to verify if aRFS memory is already allocated while\nconfiguring VSI. aRFS objects are allocated in two cases:\n- as part of VSI initialization (at probe), and\n- as part of reset handling\n\nHowever, VSI reconfiguration executed during reset involves memory\nallocation one more time, without prior releasing already allocated\nresources. This led to the memory leak with the following signature:\n\n[root@os-delivery ~]# cat /sys/kernel/debug/kmemleak\nunreferenced object 0xff3c1ca7252e6000 (size 8192):\n comm \"kworker/0:0\", pid 8, jiffies 4296833052\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 0):\n [\u003cffffffff991ec485\u003e] __kmalloc_cache_noprof+0x275/0x340\n [\u003cffffffffc0a6e06a\u003e] ice_init_arfs+0x3a/0xe0 [ice]\n [\u003cffffffffc09f1027\u003e] ice_vsi_cfg_def+0x607/0x850 [ice]\n [\u003cffffffffc09f244b\u003e] ice_vsi_setup+0x5b/0x130 [ice]\n [\u003cffffffffc09c2131\u003e] ice_init+0x1c1/0x460 [ice]\n [\u003cffffffffc09c64af\u003e] ice_probe+0x2af/0x520 [ice]\n [\u003cffffffff994fbcd3\u003e] local_pci_probe+0x43/0xa0\n [\u003cffffffff98f07103\u003e] work_for_cpu_fn+0x13/0x20\n [\u003cffffffff98f0b6d9\u003e] process_one_work+0x179/0x390\n [\u003cffffffff98f0c1e9\u003e] worker_thread+0x239/0x340\n [\u003cffffffff98f14abc\u003e] kthread+0xcc/0x100\n [\u003cffffffff98e45a6d\u003e] ret_from_fork+0x2d/0x50\n [\u003cffffffff98e083ba\u003e] ret_from_fork_asm+0x1a/0x30\n ...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21981",
"url": "https://www.suse.com/security/cve/CVE-2025-21981"
},
{
"category": "external",
"summary": "SUSE Bug 1240612 for CVE-2025-21981",
"url": "https://bugzilla.suse.com/1240612"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21981"
},
{
"cve": "CVE-2025-21991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn\u0027t have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type \u0027unsigned long[512]\u0027\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21991",
"url": "https://www.suse.com/security/cve/CVE-2025-21991"
},
{
"category": "external",
"summary": "SUSE Bug 1240795 for CVE-2025-21991",
"url": "https://bugzilla.suse.com/1240795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21991"
},
{
"cve": "CVE-2025-21992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21992"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: ignore non-functional sensor in HP 5MP Camera\n\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n\n [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\n\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21992",
"url": "https://www.suse.com/security/cve/CVE-2025-21992"
},
{
"category": "external",
"summary": "SUSE Bug 1240796 for CVE-2025-21992",
"url": "https://bugzilla.suse.com/1240796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21992"
},
{
"cve": "CVE-2025-21993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21993",
"url": "https://www.suse.com/security/cve/CVE-2025-21993"
},
{
"category": "external",
"summary": "SUSE Bug 1240797 for CVE-2025-21993",
"url": "https://bugzilla.suse.com/1240797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21993"
},
{
"cve": "CVE-2025-21995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix fence reference count leak\n\nThe last_scheduled fence leaks when an entity is being killed and adding\nthe cleanup callback fails.\n\nDecrement the reference count of prev when dma_fence_add_callback()\nfails, ensuring proper balance.\n\n[phasta: add git tag info for stable kernel]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21995",
"url": "https://www.suse.com/security/cve/CVE-2025-21995"
},
{
"category": "external",
"summary": "SUSE Bug 1240821 for CVE-2025-21995",
"url": "https://bugzilla.suse.com/1240821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21995"
},
{
"cve": "CVE-2025-21996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, \u0027size\u0027\nwill point to \u0027tmp\u0027 variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init \u0027tmp\u0027 with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21996",
"url": "https://www.suse.com/security/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "SUSE Bug 1240801 for CVE-2025-21996",
"url": "https://bugzilla.suse.com/1240801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-21996"
},
{
"cve": "CVE-2025-22001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22001"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix integer overflow in qaic_validate_req()\n\nThese are u64 variables that come from the user via\nqaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that\nthe math doesn\u0027t have an integer wrapping bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22001",
"url": "https://www.suse.com/security/cve/CVE-2025-22001"
},
{
"category": "external",
"summary": "SUSE Bug 1240873 for CVE-2025-22001",
"url": "https://bugzilla.suse.com/1240873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22001"
},
{
"cve": "CVE-2025-22003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: fix out of bound read in strscpy() source\n\nCommit 7fdaf8966aae (\"can: ucan: use strscpy() to instead of strncpy()\")\nunintentionally introduced a one byte out of bound read on strscpy()\u0027s\nsource argument (which is kind of ironic knowing that strscpy() is meant\nto be a more secure alternative :)).\n\nLet\u0027s consider below buffers:\n\n dest[len + 1]; /* will be NUL terminated */\n src[len]; /* may not be NUL terminated */\n\nWhen doing:\n\n strncpy(dest, src, len);\n dest[len] = \u0027\\0\u0027;\n\nstrncpy() will read up to len bytes from src.\n\nOn the other hand:\n\n strscpy(dest, src, len + 1);\n\nwill read up to len + 1 bytes from src, that is to say, an out of bound\nread of one byte will occur on src if it is not NUL terminated. Note\nthat the src[len] byte is never copied, but strscpy() still needs to\nread it to check whether a truncation occurred or not.\n\nThis exact pattern happened in ucan.\n\nThe root cause is that the source is not NUL terminated. Instead of\ndoing a copy in a local buffer, directly NUL terminate it as soon as\nusb_control_msg() returns. With this, the local firmware_str[] variable\ncan be removed.\n\nOn top of this do a couple refactors:\n\n - ucan_ctl_payload-\u003eraw is only used for the firmware string, so\n rename it to ucan_ctl_payload-\u003efw_str and change its type from u8 to\n char.\n\n - ucan_device_request_in() is only used to retrieve the firmware\n string, so rename it to ucan_get_fw_str() and refactor it to make it\n directly handle all the string termination logic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22003",
"url": "https://www.suse.com/security/cve/CVE-2025-22003"
},
{
"category": "external",
"summary": "SUSE Bug 1240825 for CVE-2025-22003",
"url": "https://bugzilla.suse.com/1240825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22003"
},
{
"cve": "CVE-2025-22007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22007"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22007",
"url": "https://www.suse.com/security/cve/CVE-2025-22007"
},
{
"category": "external",
"summary": "SUSE Bug 1240829 for CVE-2025-22007",
"url": "https://bugzilla.suse.com/1240829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22007"
},
{
"cve": "CVE-2025-22008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: check that dummy regulator has been probed before using it\n\nDue to asynchronous driver probing there is a chance that the dummy\nregulator hasn\u0027t already been probed when first accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22008",
"url": "https://www.suse.com/security/cve/CVE-2025-22008"
},
{
"category": "external",
"summary": "SUSE Bug 1240942 for CVE-2025-22008",
"url": "https://bugzilla.suse.com/1240942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22008"
},
{
"cve": "CVE-2025-22009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22009"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: dummy: force synchronous probing\n\nSometimes I get a NULL pointer dereference at boot time in kobject_get()\nwith the following call stack:\n\nanatop_regulator_probe()\n devm_regulator_register()\n regulator_register()\n regulator_resolve_supply()\n kobject_get()\n\nBy placing some extra BUG_ON() statements I could verify that this is\nraised because probing of the \u0027dummy\u0027 regulator driver is not completed\n(\u0027dummy_regulator_rdev\u0027 is still NULL).\n\nIn the JTAG debugger I can see that dummy_regulator_probe() and\nanatop_regulator_probe() can be run by different kernel threads\n(kworker/u4:*). I haven\u0027t further investigated whether this can be\nchanged or if there are other possibilities to force synchronization\nbetween these two probe routines. On the other hand I don\u0027t expect much\nboot time penalty by probing the \u0027dummy\u0027 regulator synchronously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22009",
"url": "https://www.suse.com/security/cve/CVE-2025-22009"
},
{
"category": "external",
"summary": "SUSE Bug 1240940 for CVE-2025-22009",
"url": "https://bugzilla.suse.com/1240940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22009"
},
{
"cve": "CVE-2025-22010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup during bt pages loop\n\nDriver runs a for-loop when allocating bt pages and mapping them with\nbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,\nit may require a considerable loop count. This will lead to soft lockup:\n\n watchdog: BUG: soft lockup - CPU#27 stuck for 22s!\n ...\n Call trace:\n hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]\n hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]\n alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x118/0x290\n\n watchdog: BUG: soft lockup - CPU#35 stuck for 23s!\n ...\n Call trace:\n hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]\n mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]\n hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]\n alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]\n hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]\n ib_uverbs_reg_mr+0x120/0x2bc\n\nAdd a cond_resched() to fix soft lockup during these loops. In order not\nto affect the allocation performance of normal-size buffer, set the loop\ncount of a 100GB MR as the threshold to call cond_resched().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22010",
"url": "https://www.suse.com/security/cve/CVE-2025-22010"
},
{
"category": "external",
"summary": "SUSE Bug 1240943 for CVE-2025-22010",
"url": "https://bugzilla.suse.com/1240943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22010"
},
{
"cve": "CVE-2025-22013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state\n\nThere are several problems with the way hyp code lazily saves the host\u0027s\nFPSIMD/SVE state, including:\n\n* Host SVE being discarded unexpectedly due to inconsistent\n configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to\n result in QEMU crashes where SVE is used by memmove(), as reported by\n Eric Auger:\n\n https://issues.redhat.com/browse/RHEL-68997\n\n* Host SVE state is discarded *after* modification by ptrace, which was an\n unintentional ptrace ABI change introduced with lazy discarding of SVE state.\n\n* The host FPMR value can be discarded when running a non-protected VM,\n where FPMR support is not exposed to a VM, and that VM uses\n FPSIMD/SVE. In these cases the hyp code does not save the host\u0027s FPMR\n before unbinding the host\u0027s FPSIMD/SVE/SME state, leaving a stale\n value in memory.\n\nAvoid these by eagerly saving and \"flushing\" the host\u0027s FPSIMD/SVE/SME\nstate when loading a vCPU such that KVM does not need to save any of the\nhost\u0027s FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is\nremoved and the necessary call to fpsimd_save_and_flush_cpu_state() is\nplaced in kvm_arch_vcpu_load_fp(). As \u0027fpsimd_state\u0027 and \u0027fpmr_ptr\u0027\nshould not be used, they are set to NULL; all uses of these will be\nremoved in subsequent patches.\n\nHistorical problems go back at least as far as v5.17, e.g. erroneous\nassumptions about TIF_SVE being clear in commit:\n\n 8383741ab2e773a9 (\"KVM: arm64: Get rid of host SVE tracking/saving\")\n\n... and so this eager save+flush probably needs to be backported to ALL\nstable trees.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22013",
"url": "https://www.suse.com/security/cve/CVE-2025-22013"
},
{
"category": "external",
"summary": "SUSE Bug 1240938 for CVE-2025-22013",
"url": "https://bugzilla.suse.com/1240938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22013"
},
{
"cve": "CVE-2025-22014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22014"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pdr: Fix the potential deadlock\n\nWhen some client process A call pdr_add_lookup() to add the look up for\nthe service and does schedule locator work, later a process B got a new\nserver packet indicating locator is up and call pdr_locator_new_server()\nwhich eventually sets pdr-\u003elocator_init_complete to true which process A\nsees and takes list lock and queries domain list but it will timeout due\nto deadlock as the response will queued to the same qmi-\u003ewq and it is\nordered workqueue and process B is not able to complete new server\nrequest work due to deadlock on list lock.\n\nFix it by removing the unnecessary list iteration as the list iteration\nis already being done inside locator work, so avoid it here and just\ncall schedule_work() here.\n\n Process A Process B\n\n process_scheduled_works()\npdr_add_lookup() qmi_data_ready_work()\n process_scheduled_works() pdr_locator_new_server()\n pdr-\u003elocator_init_complete=true;\n pdr_locator_work()\n mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_locate_service() mutex_lock(\u0026pdr-\u003elist_lock);\n\n pdr_get_domain_list()\n pr_err(\"PDR: %s get domain list\n txn wait failed: %d\\n\",\n req-\u003eservice_name,\n ret);\n\nTimeout error log due to deadlock:\n\n\"\n PDR: tms/servreg get domain list txn wait failed: -110\n PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110\n\"\n\nThanks to Bjorn and Johan for letting me know that this commit also fixes\nan audio regression when using the in-kernel pd-mapper as that makes it\neasier to hit this race. [1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22014",
"url": "https://www.suse.com/security/cve/CVE-2025-22014"
},
{
"category": "external",
"summary": "SUSE Bug 1240937 for CVE-2025-22014",
"url": "https://bugzilla.suse.com/1240937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-22014"
},
{
"cve": "CVE-2025-2312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2312"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host\u0027s Kerberos credentials cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2312",
"url": "https://www.suse.com/security/cve/CVE-2025-2312"
},
{
"category": "external",
"summary": "SUSE Bug 1239680 for CVE-2025-2312",
"url": "https://bugzilla.suse.com/1239680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-28.1.21.6.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-28.1.x86_64",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-28-default-1-3.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-28.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T14:37:10Z",
"details": "moderate"
}
],
"title": "CVE-2025-2312"
}
]
}
wid-sec-w-2025-1439
Vulnerability from csaf_certbund
Published
2025-06-30 22:00
Modified
2025-06-30 22:00
Summary
Dell Secure Connect Gateway: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell Secure Connect Gateway ist eine Softwarelösung, die als sicherer, zentralisierter Punkt für die Verwaltung des Fernzugriffs und des Supports für Hardware und Software von Dell Technologies dient.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell Secure Connect Gateway ist eine Softwarel\u00f6sung, die als sicherer, zentralisierter Punkt f\u00fcr die Verwaltung des Fernzugriffs und des Supports f\u00fcr Hardware und Software von Dell Technologies dient.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1439 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1439.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1439 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1439"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-260 vom 2025-06-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000337528/dsa-2025-260-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Dell Secure Connect Gateway: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-06-30T22:00:00.000+00:00",
"generator": {
"date": "2025-07-01T15:23:17.939+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1439",
"initial_release_date": "2025-06-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.30.0.14",
"product_id": "T044974"
}
},
{
"category": "product_version",
"name": "5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway 5.30.0.14",
"product_id": "T044974-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.30.0.14"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-39028",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2022-39028"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-40403",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-40403"
},
{
"cve": "CVE-2023-46316",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-46316"
},
{
"cve": "CVE-2023-52426",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-52831",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-10041",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-10041"
},
{
"cve": "CVE-2024-11168",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-11168"
},
{
"cve": "CVE-2024-12243",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-26634",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-29018",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-29018"
},
{
"cve": "CVE-2024-35826",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40635",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40635"
},
{
"cve": "CVE-2024-40980",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43790",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43790"
},
{
"cve": "CVE-2024-43802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43802"
},
{
"cve": "CVE-2024-43820",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-45306",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45306"
},
{
"cve": "CVE-2024-46736",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-47220",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47220"
},
{
"cve": "CVE-2024-47408",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47794",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49761",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49761"
},
{
"cve": "CVE-2024-49924",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49994",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50085",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50126",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50152",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50290",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-52559",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53176",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53680",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-55549",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-55549"
},
{
"cve": "CVE-2024-56171",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56171"
},
{
"cve": "CVE-2024-56568",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56633",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56702",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57889",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2025-0395",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-1094",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1094"
},
{
"cve": "CVE-2025-1215",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1215"
},
{
"cve": "CVE-2025-1795",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-21631",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21671",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-22134",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22134"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-22247",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22247"
},
{
"cve": "CVE-2025-22868",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-24014",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24014"
},
{
"cve": "CVE-2025-24813",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24855",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24855"
},
{
"cve": "CVE-2025-24928",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24928"
},
{
"cve": "CVE-2025-2588",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-2588"
},
{
"cve": "CVE-2025-26465",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-26466",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26466"
},
{
"cve": "CVE-2025-26597",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26597"
},
{
"cve": "CVE-2025-27113",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27113"
},
{
"cve": "CVE-2025-27219",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27219"
},
{
"cve": "CVE-2025-27220",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27220"
},
{
"cve": "CVE-2025-27363",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27363"
},
{
"cve": "CVE-2025-29087",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29087"
},
{
"cve": "CVE-2025-29088",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29088"
},
{
"cve": "CVE-2025-31115",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-31335",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31335"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-32414",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32414"
},
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-3360",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-3360"
},
{
"cve": "CVE-2025-4207",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4207"
},
{
"cve": "CVE-2025-4382",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4382"
},
{
"cve": "CVE-2025-47268",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-47268"
},
{
"cve": "CVE-2025-4802",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T044974"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-48734"
}
]
}
wid-sec-w-2025-0119
Vulnerability from csaf_certbund
Published
2025-01-19 23:00
Modified
2025-08-12 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0119 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0119.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0119 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0119"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57904",
"url": "https://lore.kernel.org/linux-cve-announce/2025011934-CVE-2024-57904-dac5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57905",
"url": "https://lore.kernel.org/linux-cve-announce/2025011937-CVE-2024-57905-7d0d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57906",
"url": "https://lore.kernel.org/linux-cve-announce/2025011937-CVE-2024-57906-6e61@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57907",
"url": "https://lore.kernel.org/linux-cve-announce/2025011937-CVE-2024-57907-e5dd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57908",
"url": "https://lore.kernel.org/linux-cve-announce/2025011938-CVE-2024-57908-654f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57909",
"url": "https://lore.kernel.org/linux-cve-announce/2025011938-CVE-2024-57909-ed6a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57910",
"url": "https://lore.kernel.org/linux-cve-announce/2025011938-CVE-2024-57910-e4e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57911",
"url": "https://lore.kernel.org/linux-cve-announce/2025011939-CVE-2024-57911-0e13@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57912",
"url": "https://lore.kernel.org/linux-cve-announce/2025011939-CVE-2024-57912-6049@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57913",
"url": "https://lore.kernel.org/linux-cve-announce/2025011939-CVE-2024-57913-d69f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57914",
"url": "https://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57914-33e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57915",
"url": "https://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57915-fc93@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57916",
"url": "https://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57916-4116@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57917",
"url": "https://lore.kernel.org/linux-cve-announce/2025011941-CVE-2024-57917-f1e1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57918",
"url": "https://lore.kernel.org/linux-cve-announce/2025011941-CVE-2024-57918-ad02@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57919",
"url": "https://lore.kernel.org/linux-cve-announce/2025011941-CVE-2024-57919-9800@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57920",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2024-57920-b514@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57921",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2024-57921-836d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57922",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2024-57922-1f81@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57923",
"url": "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2024-57923-3c99@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57924",
"url": "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2024-57924-954a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57925",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2024-57925-b738@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57926",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2024-57926-023f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57927",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2024-57927-fb00@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57928",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2024-57928-7291@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-57929",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2024-57929-2b82@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21631",
"url": "https://lore.kernel.org/linux-cve-announce/2025011939-CVE-2025-21631-5f2d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21632",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2025-21632-9fde@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21633",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2025-21633-a313@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21634",
"url": "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2025-21634-011f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21635",
"url": "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2025-21635-12e7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21636",
"url": "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2025-21636-0bb0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21637",
"url": "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2025-21637-3dde@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21638",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21638-35a8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21639",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21639-f1ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21640",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21640-4dd1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21641",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21641-0897@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21642",
"url": "https://lore.kernel.org/linux-cve-announce/2025011944-CVE-2025-21642-5728@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21643",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2025-21643-f3f6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21644",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2025-21644-9113@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21645",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2025-21645-e342@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21646",
"url": "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2025-21646-8f6e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21647",
"url": "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21647-51d8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21648",
"url": "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21648-bcda@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21649",
"url": "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21649-f7ac@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21650",
"url": "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21650-3a74@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21651",
"url": "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21651-fbe8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21652",
"url": "https://lore.kernel.org/linux-cve-announce/2025011947-CVE-2025-21652-95d7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21653",
"url": "https://lore.kernel.org/linux-cve-announce/2025011947-CVE-2025-21653-b6c0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-21654",
"url": "https://lore.kernel.org/linux-cve-announce/2025011947-CVE-2025-21654-5eac@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0289-1 vom 2025-01-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020239.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5860 vom 2025-02-08",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0428-1 vom 2025-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0499-1 vom 2025-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020336.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0557-1 vom 2025-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020350.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0565-1 vom 2025-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020360.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0564-1 vom 2025-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020361.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-094 vom 2025-02-25",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-094.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-063 vom 2025-02-25",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-063.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4075 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4076 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0784-1 vom 2025-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020484.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0833-1 vom 2025-03-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NVOTJPDFQQWPNLUFPKTQVNNMK5RQPZGP/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0833-2 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020502.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0834-1 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020497.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0847-1 vom 2025-03-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020505.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0853-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020506.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-082 vom 2025-03-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-082.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-067 vom 2025-03-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-067.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2025-085 vom 2025-03-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2025-085.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020508.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0856-1 vom 2025-03-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSPHACQPT5GWCIN3WJL55RCYA4OHTBLI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0955-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020563.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-206 vom 2025-03-26",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-206.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7388-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7388-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7381-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7381-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7382-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7382-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7387-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7380-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7380-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7379-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7379-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-3 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7391-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7391-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7390-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7390-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7393-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7393-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7389-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7389-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7401-1 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7401-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2025-097 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2025-097.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-4 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-4"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-208 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-208.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-209 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-209.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASLIVEPATCH-2025-210 vom 2025-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALASLIVEPATCH-2025-210.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-3 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7379-2 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7379-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7407-1 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7407-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7413-1 vom 2025-04-03",
"url": "https://ubuntu.com/security/notices/USN-7413-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7421-1 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7421-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7463-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7458-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7458-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:6966 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:6966"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7423 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7423"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7515-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7515-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7516-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7513-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7514-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7514-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7513-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7510-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7512-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7512-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-2 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7511-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7517-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7518-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7518-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7511-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7511-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7523-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7523-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7522-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7522-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7516-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7515-2 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7515-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7513-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01600-1 vom 2025-05-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020854.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-4 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-5 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7510-5"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7517-2 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7517-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-4 vom 2025-05-21",
"url": "https://ubuntu.com/security/notices/USN-7516-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-5 vom 2025-05-23",
"url": "https://ubuntu.com/security/notices/USN-7516-5"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7903 vom 2025-05-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-7903.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7423 vom 2025-05-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-7423.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5925 vom 2025-05-24",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00088.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4178 vom 2025-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7524-1 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7524-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-6 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7516-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-6 vom 2025-05-27",
"url": "https://ubuntu.com/security/notices/USN-7510-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-7 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7510-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-4 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7513-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20343-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020965.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7510-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7510-8"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-5 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7513-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-7 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-7"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20344-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020964.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-8 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-8"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7516-9 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7516-9"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20355-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021015.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20354-1 vom 2025-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20249-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021072.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20248-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021074.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20165-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021174.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20166-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021176.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01972-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021537.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01983-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7593-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7593-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7595-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7595-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7595-2 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7595-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7596-1 vom 2025-06-24",
"url": "https://ubuntu.com/security/notices/USN-7596-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7596-2 vom 2025-06-25",
"url": "https://ubuntu.com/security/notices/USN-7596-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7595-3 vom 2025-06-25",
"url": "https://ubuntu.com/security/notices/USN-7595-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7602-1 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7602-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7595-4 vom 2025-06-26",
"url": "https://ubuntu.com/security/notices/USN-7595-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7595-5 vom 2025-06-30",
"url": "https://ubuntu.com/security/notices/USN-7595-5"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7640-1 vom 2025-07-16",
"url": "https://ubuntu.com/security/notices/USN-7640-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7653-1 vom 2025-07-17",
"url": "https://ubuntu.com/security/notices/USN-7653-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4271 vom 2025-08-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-12T22:00:00.000+00:00",
"generator": {
"date": "2025-08-13T06:27:12.144+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0119",
"initial_release_date": "2025-01-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-26T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-19T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-05-22T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Debian, Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-23T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-25T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "50",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "51"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T008144",
"product_identification_helper": {
"cpe": "cpe:/a:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57904",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57904"
},
{
"cve": "CVE-2024-57905",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57905"
},
{
"cve": "CVE-2024-57906",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57906"
},
{
"cve": "CVE-2024-57907",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57907"
},
{
"cve": "CVE-2024-57908",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57908"
},
{
"cve": "CVE-2024-57909",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57909"
},
{
"cve": "CVE-2024-57910",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57910"
},
{
"cve": "CVE-2024-57911",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57911"
},
{
"cve": "CVE-2024-57912",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57912"
},
{
"cve": "CVE-2024-57913",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57913"
},
{
"cve": "CVE-2024-57914",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57914"
},
{
"cve": "CVE-2024-57915",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57915"
},
{
"cve": "CVE-2024-57916",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57916"
},
{
"cve": "CVE-2024-57917",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57917"
},
{
"cve": "CVE-2024-57918",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57918"
},
{
"cve": "CVE-2024-57919",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57919"
},
{
"cve": "CVE-2024-57920",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57920"
},
{
"cve": "CVE-2024-57921",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57921"
},
{
"cve": "CVE-2024-57922",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57922"
},
{
"cve": "CVE-2024-57923",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57923"
},
{
"cve": "CVE-2024-57924",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57924"
},
{
"cve": "CVE-2024-57925",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57925"
},
{
"cve": "CVE-2024-57926",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57926"
},
{
"cve": "CVE-2024-57927",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57927"
},
{
"cve": "CVE-2024-57928",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57928"
},
{
"cve": "CVE-2024-57929",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2024-57929"
},
{
"cve": "CVE-2025-21631",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21632",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21632"
},
{
"cve": "CVE-2025-21633",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21633"
},
{
"cve": "CVE-2025-21634",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21634"
},
{
"cve": "CVE-2025-21635",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21641",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21641"
},
{
"cve": "CVE-2025-21642",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21642"
},
{
"cve": "CVE-2025-21643",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21643"
},
{
"cve": "CVE-2025-21644",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21644"
},
{
"cve": "CVE-2025-21645",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21645"
},
{
"cve": "CVE-2025-21646",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21646"
},
{
"cve": "CVE-2025-21647",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21648",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21648"
},
{
"cve": "CVE-2025-21649",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21649"
},
{
"cve": "CVE-2025-21650",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21650"
},
{
"cve": "CVE-2025-21651",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21651"
},
{
"cve": "CVE-2025-21652",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21652"
},
{
"cve": "CVE-2025-21653",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21653"
},
{
"cve": "CVE-2025-21654",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"398363",
"T004914",
"T008144",
"T039664"
]
},
"release_date": "2025-01-19T23:00:00.000+00:00",
"title": "CVE-2025-21654"
}
]
}
fkie_cve-2025-21640
Vulnerability from fkie_nvd
Published
2025-01-19 11:15
Modified
2025-04-10 13:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net'
structure via 'current' is not recommended for different reasons:
- Inconsistency: getting info from the reader's/writer's netns vs only
from the opener's netns.
- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
(null-ptr-deref), e.g. when the current task is exiting, as spotted by
syzbot [1] using acct(2).
The 'net' structure can be obtained from the table->data using
container_of().
Note that table->data could also be used directly, as this is the only
member needed from the 'net' structure, but that would increase the size
of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is
used.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587 | ||
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 | |
| linux | linux_kernel | 6.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "102E9A75-004D-4E72-9120-25A5A9AA7185",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33E12097-C88A-45B4-9677-2A961A08DD3E",
"versionEndExcluding": "6.6.72",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02D604F6-10D1-4F7B-A022-0888406A1121",
"versionEndExcluding": "6.12.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: sysctl: cookie_hmac_alg: evitar usar current-\u0026gt;nsproxy Como se mencion\u00f3 en un commit anterior de esta serie, no se recomienda usar la estructura \u0027net\u0027 a trav\u00e9s de \u0027current\u0027 por diferentes razones: - Inconsistencia: obtener informaci\u00f3n de los netns del lector/escritor vs solo de los netns del abridor. - current-\u0026gt;nsproxy puede ser NULL en algunos casos, lo que resulta en un \u0027Oops\u0027 (null-ptr-deref), por ejemplo cuando la tarea actual est\u00e1 saliendo, como lo detect\u00f3 syzbot [1] usando acct(2). La estructura \u0027net\u0027 se puede obtener de table-\u0026gt;data usando Container_of(). Tenga en cuenta que table-\u0026gt;data tambi\u00e9n se puede usar directamente, ya que este es el \u00fanico miembro necesario de la estructura \u0027net\u0027, pero eso aumentar\u00eda el tama\u00f1o de esta correcci\u00f3n, para usar \u0027*data\u0027 en todos los lugares donde se use \u0027net-\u0026gt;sctp.sctp_hmac_alg\u0027."
}
],
"id": "CVE-2025-21640",
"lastModified": "2025-04-10T13:15:46.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-19T11:15:09.537",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ssa-265688
Vulnerability from csaf_siemens
Published
2024-04-09 00:00
Modified
2025-08-12 00:00
Summary
SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1.
Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1.\n\nSiemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"category": "self",
"summary": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-265688.json"
}
],
"title": "SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-265688",
"initial_release_date": "2024-04-09T00:00:00Z",
"revision_history": [
{
"date": "2024-04-09T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-05-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added CVE-2024-2511"
},
{
"date": "2024-07-09T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added CVE-2024-5535"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added CVE-2024-9143"
},
{
"date": "2025-03-11T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added CVE-2024-36484, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36929, CVE-2024-36939, CVE-2024-36940, CVE-2024-36959, CVE-2024-44987, CVE-2024-44989, CVE-2024-44990, CVE-2024-45016, CVE-2024-45018, CVE-2024-46679, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46759, CVE-2024-46783, CVE-2024-47660, CVE-2024-50299, CVE-2024-50301, CVE-2024-53101"
},
{
"date": "2025-04-08T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added CVE-2024-50302 (incl. product-specific impact description) and multiple other CVEs"
},
{
"date": "2025-06-10T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added 63 CVEs"
},
{
"date": "2025-07-08T00:00:00Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added 71 CVEs"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added 147 CVEs"
}
],
"status": "interim",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4090",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-4090"
},
{
"cve": "CVE-2021-38202",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-38202"
},
{
"cve": "CVE-2021-47002",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "SUNRPC: null pointer dereference in svc_rqst_free(). When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scratch_page pointer will be dereferenced when calling put_page() in svc_rqst_free().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47002"
},
{
"cve": "CVE-2021-47107",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "NFSD: READDIR buffer overflow. If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always been suspect. NFSD has never sanity- checked the READDIR count argument, but the old entry encoders managed the problem correctly. With the commits below, entry encoding changed, exposing the underflow to the pointer arithmetic in xdr_reserve_space(). Modern NFS clients attempt to retrieve as much data as possible for each READDIR request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47107"
},
{
"cve": "CVE-2021-47316",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfsd: NULL dereference in nfs3svc_encode_getaclres.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2021-47316"
},
{
"cve": "CVE-2022-38096",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-38096"
},
{
"cve": "CVE-2022-43945",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-43945"
},
{
"cve": "CVE-2022-48827",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48827"
},
{
"cve": "CVE-2022-48828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability caused by an underflow in ia_size due to a mismatch between signed and unsigned 64-bit file size values, which can cause issues when handling large file sizes from NFS clients.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48828"
},
{
"cve": "CVE-2022-48829",
"cwe": {
"id": "CWE-253",
"name": "Incorrect Check of Function Return Value"
},
"notes": [
{
"category": "summary",
"text": "NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64_max, leading to unexpected behavior and potential data corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-48829"
},
{
"cve": "CVE-2023-1652",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-1652"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-6121",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6121"
},
{
"cve": "CVE-2023-6817",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.\n\nWe recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6817"
},
{
"cve": "CVE-2023-6931",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6931"
},
{
"cve": "CVE-2023-6932",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-6932"
},
{
"cve": "CVE-2023-28746",
"cwe": {
"id": "CWE-1342",
"name": "Information Exposure through Microarchitectural State after Transient Execution"
},
"notes": [
{
"category": "summary",
"text": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2023-45898",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-45898"
},
{
"cve": "CVE-2023-47233",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-47233"
},
{
"cve": "CVE-2023-52447",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Defer the free of inner map when necessary when updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put(), if the ref-counter is the last one (which is true for most cases), the inner map will be freed by ops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks don\u0027t use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period, so after the invocation of ops-\u003emap_free completes, the bpf program which is accessing the inner map may incur use-after-free vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52447"
},
{
"cve": "CVE-2023-52458",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: add check that partition length needs to be aligned with block size",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52458"
},
{
"cve": "CVE-2023-52614",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPM / devfreq: Fix buffer overflow in trans_stat_show",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52614"
},
{
"cve": "CVE-2023-52620",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow timeout for anonymous sets\r\n\r\nNever used from userspace, disallow these parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2023-52620"
},
{
"cve": "CVE-2024-0584",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0584"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-2511"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Use of the low-level GF(2m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2m)) curves that can\u0027t represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-22099",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-22099"
},
{
"cve": "CVE-2024-23307",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-23307"
},
{
"cve": "CVE-2024-23848",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-23848"
},
{
"cve": "CVE-2024-24857",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24857"
},
{
"cve": "CVE-2024-24858",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24858"
},
{
"cve": "CVE-2024-24859",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-24859"
},
{
"cve": "CVE-2024-25739",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-\u003eleb_size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-25739"
},
{
"cve": "CVE-2024-26629",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "summary",
"text": "nfsd: The test on so_count in nfsd4_release_lockowner() is potentially harmful. It can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26629"
},
{
"cve": "CVE-2024-26642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: disallow anonymous set with timeout flag",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26642"
},
{
"cve": "CVE-2024-26643",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26643"
},
{
"cve": "CVE-2024-26651",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sr9800: Local Denial of Service Vulnerability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26651"
},
{
"cve": "CVE-2024-26659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "xhci: isoc Babble and Buffer Overrun events are not handled properly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26659"
},
{
"cve": "CVE-2024-26787",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "mmc: mmci: stm32: Fixed issue with overlapping mappings in the DMA API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26787"
},
{
"cve": "CVE-2024-26810",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Lock external INTx masking ops",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26812",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvfio/pci: Create persistent INTx handler",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26812"
},
{
"cve": "CVE-2024-26816",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "summary",
"text": "x86, relocs: relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the \"startup_xen\" entry point.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26816"
},
{
"cve": "CVE-2024-26820",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26820"
},
{
"cve": "CVE-2024-26851",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26851"
},
{
"cve": "CVE-2024-26852",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/ipv6: possible UAF in ip6_route_mpath_notify().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26852"
},
{
"cve": "CVE-2024-26855",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26855"
},
{
"cve": "CVE-2024-26859",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/bnx2x: Race condition leading to system crash during EEH error handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26859"
},
{
"cve": "CVE-2024-26861",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wireguard: receive: data-race around receiving_counter.counter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26861"
},
{
"cve": "CVE-2024-26863",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26863"
},
{
"cve": "CVE-2024-26870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26870"
},
{
"cve": "CVE-2024-26872",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "RDMA/srpt: use-after-free Write in srpt_refresh_port().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26872"
},
{
"cve": "CVE-2024-26875",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: pvrusb2: fix uaf in pvr2_context_set_notify.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26875"
},
{
"cve": "CVE-2024-26877",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: xilinx - call finalize with bh disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26877"
},
{
"cve": "CVE-2024-26878",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26878"
},
{
"cve": "CVE-2024-26880",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26880"
},
{
"cve": "CVE-2024-26882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26882"
},
{
"cve": "CVE-2024-26883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix stackmap overflow check on 32-bit arches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26883"
},
{
"cve": "CVE-2024-26884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix hashtab overflow check on 32-bit arches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26884"
},
{
"cve": "CVE-2024-26885",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\r\n\r\nThe devmap code allocates a number hash buckets equal to the next power\r\nof two of the max_entries value provided when creating the map. When\r\nrounding up to the next power of two, the 32-bit variable storing the\r\nnumber of buckets can overflow, and the code checks for overflow by\r\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\r\narches the rounding up itself can overflow mid-way through, because it\r\nends up doing a left-shift of 32 bits on an unsigned long value. If the\r\nsize of an unsigned long is four bytes, this is undefined behaviour, so\r\nthere is no guarantee that we\u0027ll end up with a nice and tidy 0-value at\r\nthe end.\r\n\r\nSyzbot managed to turn this into a crash on arm32 by creating a\r\nDEVMAP_HASH with max_entries \u003e 0x80000000 and then trying to update it.\r\nFix this by moving the overflow check to before the rounding up\r\noperation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26885"
},
{
"cve": "CVE-2024-26889",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: hci_core: Fix possible buffer overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26889"
},
{
"cve": "CVE-2024-26891",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "iommu/vt-d: Don\u0027t issue ATS Invalidation request when device is disconnected.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26891"
},
{
"cve": "CVE-2024-26894",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26894"
},
{
"cve": "CVE-2024-26895",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26895"
},
{
"cve": "CVE-2024-26897",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26897"
},
{
"cve": "CVE-2024-26898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26898"
},
{
"cve": "CVE-2024-26901",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26901"
},
{
"cve": "CVE-2024-26903",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: rfcomm: Fixed null-ptr-deref in rfcomm_check_security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26903"
},
{
"cve": "CVE-2024-26906",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26906"
},
{
"cve": "CVE-2024-26907",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "RDMA/mlx5: Fixed fortify source warning while accessing Eth segment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26907"
},
{
"cve": "CVE-2024-26920",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing/trigger: Fix to return error if failed to alloc snapshot",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26920"
},
{
"cve": "CVE-2024-26923",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26923"
},
{
"cve": "CVE-2024-26925",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26925"
},
{
"cve": "CVE-2024-26934",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUSB: core: Fix deadlock in usb_deauthorize_interface()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26934"
},
{
"cve": "CVE-2024-26935",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: core: Fix unremoved procfs host directory regression",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26935"
},
{
"cve": "CVE-2024-26937",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gt: Reset queue_priority_hint on parking",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26937"
},
{
"cve": "CVE-2024-26950",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: access device through ctx instead of peer",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26950"
},
{
"cve": "CVE-2024-26951",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwireguard: netlink: check for dangling peer via is_dead instead of empty list",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26951"
},
{
"cve": "CVE-2024-26958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfs: fix UAF in direct writes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26958"
},
{
"cve": "CVE-2024-26960",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm: swap: fix race between free_swap_and_cache() and swapoff()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26960"
},
{
"cve": "CVE-2024-26961",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: fix llsec key resources release in mac802154_llsec_key_del",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26961"
},
{
"cve": "CVE-2024-26973",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26973"
},
{
"cve": "CVE-2024-26974",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: qat - resolve race condition during AER recovery",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26974"
},
{
"cve": "CVE-2024-26988",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninit/main.c: Fix potential static_command_line memory overflow",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26988"
},
{
"cve": "CVE-2024-26993",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-26993"
},
{
"cve": "CVE-2024-27004",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: Get runtime PM before walking tree during disable_unused",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27004"
},
{
"cve": "CVE-2024-27013",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntun: limit printing rate when illegal packet received by tun dev\r\n\r\nvhost_worker will call tun call backs to receive packets. If too many\r\nillegal packets arrives, tun_do_read will keep dumping packet contents.\r\nWhen console is enabled, it will costs much more cpu time to dump\r\npacket and soft lockup will be detected.\r\n\r\nnet_ratelimit mechanism can be used to limit the dumping rate.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27013"
},
{
"cve": "CVE-2024-27020",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in nft_expr_type_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27020"
},
{
"cve": "CVE-2024-27024",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: net/rds: WARNING in rds_conn_connect_if_down If connection isn\u0027t established yet, get_mr() will fail, trigger connection after get_mr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27024"
},
{
"cve": "CVE-2024-27025",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27025"
},
{
"cve": "CVE-2024-27038",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: clk: clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw-\u003ecore. Prior to commit dde4eff47c82 (\"clk: Look for parents with clkdev based clk_lookups\") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27038"
},
{
"cve": "CVE-2024-27047",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerablity in Linux kernel: net: phy: phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to \"unable to handle kernel NULL pointer dereference at virtual address 0\".",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27047"
},
{
"cve": "CVE-2024-27052",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27052"
},
{
"cve": "CVE-2024-27053",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: wifi: wilc1000: RCU usage in connect path",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27053"
},
{
"cve": "CVE-2024-27059",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usb-storage: Prevent divide-by-0 error in isd200_ata_command\n\nThe isd200 sub-driver in usb-storage uses the HEADS and SECTORS values\nin the ATA ID information to calculate cylinder and head values when\ncreating a CDB for READ or WRITE commands. The calculation involves\ndivision and modulus operations, which will cause a crash if either of\nthese values is 0. While this never happens with a genuine device, it\ncould happen with a flawed or subversive emulation, as reported by the\nsyzbot fuzzer.\n\nProtect against this possibility by refusing to bind to the device if\neither the ATA_ID_HEADS or ATA_ID_SECTORS value in the device\u0027s ID\ninformation is 0. This requires isd200_Initialization() to return a\nnegative error code when initialization fails; currently it always\nreturns 0 (even when there is an error).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27059"
},
{
"cve": "CVE-2024-27065",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27065"
},
{
"cve": "CVE-2024-27072",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: usbtv: Remove useless locks in usbtv_video_free()\r\n\r\nRemove locks calls in usbtv_video_free() because\r\nare useless and may led to a deadlock as reported here:\r\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\r\nAlso remove usbtv_stop() call since it will be called when\r\nunregistering the device.\r\n\r\nBefore \u0027c838530d230b\u0027 this issue would only be noticed if you\r\ndisconnect while streaming and now it is noticeable even when\r\ndisconnecting while not streaming.\r\n\r\n\r\n[hverkuil: fix minor spelling mistake in log message]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27072"
},
{
"cve": "CVE-2024-27076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in the Linux kernel: media: imx: csc/scaler: v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27076"
},
{
"cve": "CVE-2024-27077",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: media: v4l2-mem2mem: a memleak in v4l2_m2m_register_entity The entity-\u003ename (i.e. name) is allocated in v4l2_m2m_register_entity but isn\u0027t freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity-\u003ename.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27077"
},
{
"cve": "CVE-2024-27078",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: media: v4l2-tpg: some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27078"
},
{
"cve": "CVE-2024-27395",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27395"
},
{
"cve": "CVE-2024-27396",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27396"
},
{
"cve": "CVE-2024-27397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: use timestamp to check for set element timeout\r\n\r\nAdd a timestamp field at the beginning of the transaction, store it\r\nin the nftables per-netns area.\r\n\r\nUpdate set backend .insert, .deactivate and sync gc path to use the\r\ntimestamp, this avoids that an element expires while control plane\r\ntransaction is still unfinished.\r\n\r\n.lookup and .update, which are used from packet path, still use the\r\ncurrent time to check if the element has expired. And .get path and dump\r\nalso since this runs lockless under rcu read size lock. Then, there is\r\nasync gc which also needs to check the current time since it runs\r\nasynchronously from a workqueue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27397"
},
{
"cve": "CVE-2024-27419",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netrom: data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27419"
},
{
"cve": "CVE-2024-27431",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don\u0027t initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md-\u003erx_queue_index value for XDP programs running in a cpumap. This means we\u0027re basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27431"
},
{
"cve": "CVE-2024-27436",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27436"
},
{
"cve": "CVE-2024-27437",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Disable auto-enable of exclusive INTx IRQ\n\nCurrently for devices requiring masking at the irqchip for INTx, ie.\ndevices without DisINTx support, the IRQ is enabled in request_irq()\nand subsequently disabled as necessary to align with the masked status\nflag. This presents a window where the interrupt could fire between\nthese events, resulting in the IRQ incrementing the disable depth twice.\nThis would be unrecoverable for a user since the masked flag prevents\nnested enables through vfio.\n\nInstead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx\nis never auto-enabled, then unmask as required.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-27437"
},
{
"cve": "CVE-2024-33621",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-\u003esk in ipvlan_process_v4 / 6_outbound.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-33621"
},
{
"cve": "CVE-2024-33847",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: compress: Released compress inode f2fs image may be corrupted. The reason is partial truncation assume compressed inode has reserved blocks, after partial truncation, valid block count may change w/o .i_blocks and .total_valid_block_count update, resulting in corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-33847"
},
{
"cve": "CVE-2024-34027",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: compress: filesystem metadata including blkaddr in dnode, inode fields and .total_valid_block_count may be corrupted after SPO case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-34027"
},
{
"cve": "CVE-2024-35789",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes\r\n\r\nWhen moving a station out of a VLAN and deleting the VLAN afterwards, the\r\nfast_rx entry still holds a pointer to the VLAN\u0027s netdev, which can cause\r\nuse-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx\r\nafter the VLAN change.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35789"
},
{
"cve": "CVE-2024-35805",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm snapshot: fix lockup in dm_exception_table_exit\r\n\r\nThere was reported lockup when we exit a snapshot with many exceptions.\r\nFix this by adding \"cond_resched\" to the loop that frees the exceptions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35805"
},
{
"cve": "CVE-2024-35807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35807"
},
{
"cve": "CVE-2024-35811",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35811"
},
{
"cve": "CVE-2024-35813",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmmc: core: Avoid negative index with array access\r\n\r\nCommit 4d0c8d0aef63 (\"mmc: core: Use mrq.sbc in close-ended ffu\") assigns\r\nprev_idata = idatas[i - 1], but doesn\u0027t check that the iterator i is\r\ngreater than zero. Let\u0027s fix this by adding a check.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35813"
},
{
"cve": "CVE-2024-35815",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion\r\n\r\nThe first kiocb_set_cancel_fn() argument may point at a struct kiocb\r\nthat is not embedded inside struct aio_kiocb. With the current code,\r\ndepending on the compiler, the req-\u003eki_ctx read happens either before\r\nthe IOCB_AIO_RW test or after that test. Move the req-\u003eki_ctx read such\r\nthat it is guaranteed that the IOCB_AIO_RW test happens first.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35815"
},
{
"cve": "CVE-2024-35823",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nvt: fix unicode buffer corruption when deleting characters\r\n\r\nThis is the same issue that was fixed for the VGA text buffer in commit\r\n39cdb68c64d8 (\"vt: fix memory overlapping when deleting chars in the\r\nbuffer\"). The cure is also the same i.e. replace memcpy() with memmove()\r\ndue to the overlaping buffers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35823"
},
{
"cve": "CVE-2024-35828",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35828"
},
{
"cve": "CVE-2024-35845",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35845"
},
{
"cve": "CVE-2024-35849",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35849"
},
{
"cve": "CVE-2024-35877",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mm/pat: fix VM_PAT handling in COW mappings\r\n\r\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\r\nin fact, all PTEs) can be replaced during write faults to point at anon\r\nfolios. Reliably recovering the correct PFN and cachemode using\r\nfollow_phys() from PTEs will not work in COW mappings.\r\n\r\nUsing follow_phys(), we might just get the address+protection of the anon\r\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\r\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\r\ntrack_pfn_copy(), not properly calling free_pfn_range().\r\n\r\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\r\nit with the wrong range, possibly leaking memory.\r\n\r\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\r\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\r\nif we run into that.\r\n\r\nWe will now properly handle untrack_pfn() with COW mappings, where we\r\ndon\u0027t need the cachemode. We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\r\nthe first page was replaced by an anon folio, though: we\u0027d have to store\r\nthe cachemode in the VMA to make this work, likely growing the VMA size.\r\n\r\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\r\ncase: it would have failed in the past with swap/nonswap entries already,\r\nand it would have done the wrong thing with anon folios.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35877"
},
{
"cve": "CVE-2024-35884",
"cwe": {
"id": "CWE-923",
"name": "Improper Restriction of Communication Channel to Intended Endpoints"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudp: do not accept non-tunnel GSO skbs landing in a tunnel\r\n\r\nWhen rx-udp-gro-forwarding is enabled UDP packets might be GROed when\r\nbeing forwarded. If such packets might land in a tunnel this can cause\r\nvarious issues and udp_gro_receive makes sure this isn\u0027t the case by\r\nlooking for a matching socket. This is performed in\r\nudp4/6_gro_lookup_skb but only in the current netns. This is an issue\r\nwith tunneled packets when the endpoint is in another netns. In such\r\ncases the packets will be GROed at the UDP level, which leads to various\r\nissues later on. The same thing can happen with rx-gro-list.\r\n\r\nWe saw this with geneve packets being GROed at the UDP level. In such\r\ncase gso_size is set; later the packet goes through the geneve rx path,\r\nthe geneve header is pulled, the offset are adjusted and frag_list skbs\r\nare not adjusted with regard to geneve. When those skbs hit\r\nskb_fragment, it will misbehave. Different outcomes are possible\r\ndepending on what the GROed skbs look like; from corrupted packets to\r\nkernel crashes.\r\n\r\nOne example is a BUG_ON[1] triggered in skb_segment while processing the\r\nfrag_list. Because gso_size is wrong (geneve header was pulled)\r\nskb_segment thinks there is \"geneve header size\" of data in frag_list,\r\nalthough it\u0027s in fact the next packet. The BUG_ON itself has nothing to\r\ndo with the issue. This is only one of the potential issues.\r\n\r\nLooking up for a matching socket in udp_gro_receive is fragile: the\r\nlookup could be extended to all netns (not speaking about performances)\r\nbut nothing prevents those packets from being modified in between and we\r\ncould still not find a matching socket. It\u0027s OK to keep the current\r\nlogic there as it should cover most cases but we also need to make sure\r\nwe handle tunnel packets being GROed too early.\r\n\r\nThis is done by extending the checks in udp_unexpected_gso: GSO packets\r\nlacking the SKB_GSO_UDP_TUNNEL/_CSUM bits and landing in a tunnel must\r\nbe segmented.\r\n\r\n[1] kernel BUG at net/core/skbuff.c:4408!\r\n RIP: 0010:skb_segment+0xd2a/0xf70\r\n __udp_gso_segment+0xaa/0x560",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35884"
},
{
"cve": "CVE-2024-35886",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: Fix infinite recursion in fib6_dump_done().\r\n\r\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\r\nnetlink socket destruction.\r\n\r\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\r\nthe response was generated. The following recvmmsg() resumed the dump\r\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\r\nto the fault injection.\r\n\r\n 12:01:34 executing program 3:\r\n r0 = socket$nl_route(0x10, 0x3, 0x0)\r\n sendmsg$nl_route(r0, ... snip ...)\r\n recvmmsg(r0, ... snip ...) (fail_nth: 8)\r\n\r\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\r\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3]. syzkaller stopped\r\nreceiving the response halfway through, and finally netlink_sock_destruct()\r\ncalled nlk_sk(sk)-\u003ecb.done().\r\n\r\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\r\nis still not NULL. fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\r\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\r\nitself recursively and hitting the stack guard page.\r\n\r\nTo avoid the issue, let\u0027s set the destructor after kzalloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35886"
},
{
"cve": "CVE-2024-35888",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb-\u003ehead.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35888"
},
{
"cve": "CVE-2024-35893",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: act_skbmod: prevent kernel-infoleak\r\n\r\nsyzbot found that tcf_skbmod_dump() was copying four bytes\r\nfrom kernel stack to user space.\r\n\r\nThe issue here is that \u0027struct tc_skbmod\u0027 has a four bytes hole.\r\n\r\nWe need to clear the structure before filling fields.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35893"
},
{
"cve": "CVE-2024-35895",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n CPU0 CPU1\n ---- ----\n lock(\u0026htab-\u003ebuckets[i].lock);\n local_irq_disable();\n lock(\u0026host-\u003elock);\n lock(\u0026htab-\u003ebuckets[i].lock);\n \u003cInterrupt\u003e\n lock(\u0026host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35895"
},
{
"cve": "CVE-2024-35896",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: validate user input for expected length\r\n\r\nI got multiple syzbot reports showing old bugs exposed\r\nby BPF after commit 20f2505fb436 (\"bpf: Try to avoid kzalloc\r\nin cgroup/{s,g}etsockopt\")\r\n\r\nsetsockopt() @optlen argument should be taken into account\r\nbefore copying data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35896"
},
{
"cve": "CVE-2024-35897",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: discard table flag update with pending basechain deletion\r\n\r\nHook unregistration is deferred to the commit phase, same occurs with\r\nhook updates triggered by the table dormant flag. When both commands are\r\ncombined, this results in deleting a basechain while leaving its hook\r\nstill registered in the core.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35897"
},
{
"cve": "CVE-2024-35898",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\r\n\r\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\r\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\r\nAnd thhere is not any protection when iterate over nf_tables_flowtables\r\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\r\ndata-race of nf_tables_flowtables list entry.\r\n\r\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\r\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\r\nnft_flowtable_type_get() to protect the entire type query process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35898"
},
{
"cve": "CVE-2024-35899",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: flush pending destroy work before exit_net release\r\n\r\nSimilar to 2c9f0293280e (\"netfilter: nf_tables: flush pending destroy\r\nwork before netlink notifier\") to address a race between exit_net and\r\nthe destroy workqueue.\r\n\r\nThe trace below shows an element to be released via destroy workqueue\r\nwhile exit_net path (triggered via module removal) has already released\r\nthe set that is used in such transaction.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35899"
},
{
"cve": "CVE-2024-35900",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: reject new basechain after table flag update\r\n\r\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\r\niterating over current chains in table (existing and new).\r\n\r\nThe following configuration allows for an inconsistent state:\r\n\r\n add table x\r\n add chain x y { type filter hook input priority 0; }\r\n add table x { flags dormant; }\r\n add chain x w { type filter hook input priority 1; }\r\n\r\nwhich triggers the following warning when trying to unregister chain w\r\nwhich is already unregistered.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35900"
},
{
"cve": "CVE-2024-35902",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/rds: possible cp null dereference cp might be null, calling cp-\u003ecp_conn would produce null dereference. Cp is a parameter of __rds_rdma_map and is not reassigned.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35902"
},
{
"cve": "CVE-2024-35905",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35905"
},
{
"cve": "CVE-2024-35910",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to \u0027stop\u0027 the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held. This is the reason it uses sk_stop_timer(), aka del_timer(). This means that ongoing timers might finish much later. For user sockets, this is fine because each running timer holds a reference on the socket, and the user socket holds a reference on the netns. For kernel sockets, we risk that the netns is freed before timer can complete, because kernel sockets do not hold reference on the netns. This patch adds inet_csk_clear_xmit_timers_sync() function that using sk_stop_timer_sync() to make sure all timers are terminated before the kernel socket is released. Modules using kernel sockets close them in their netns exit() handler. Also add sock_not_owned_by_me() helper to get LOCKDEP support : inet_csk_clear_xmit_timers_sync() must not be called while socket lock is held. It is very possible we can revert in the future commit 3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\") which attempted to solve the issue in rds only. (net/smc/af_smc.c and net/mptcp/subflow.c have similar code) We probably can remove the check_net() tests from tcp_out_of_resources() and __tcp_close() in the future.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-35915",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35915"
},
{
"cve": "CVE-2024-35922",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "fbmon: prevent division by zero in fb_videomode_from_videomode()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35922"
},
{
"cve": "CVE-2024-35925",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "block: prevent division by zero in blk_rq_stat_sum()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35925"
},
{
"cve": "CVE-2024-35930",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35930"
},
{
"cve": "CVE-2024-35933",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: btintel: Fix null ptr deref in btintel_read_version",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35933"
},
{
"cve": "CVE-2024-35934",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35934"
},
{
"cve": "CVE-2024-35935",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35935"
},
{
"cve": "CVE-2024-35936",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35936"
},
{
"cve": "CVE-2024-35940",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "pstore/zone: Add a null pointer check to the psz_kmsg_read",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35940"
},
{
"cve": "CVE-2024-35944",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35944"
},
{
"cve": "CVE-2024-35950",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "drm/client: Fully protect modes with dev-\u003emode_config.mutex",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35950"
},
{
"cve": "CVE-2024-35955",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "kprobes: Fix possible use-after-free issue on kprobe registration",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35955"
},
{
"cve": "CVE-2024-35958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: ena: Fix incorrect descriptor free behavior",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35958"
},
{
"cve": "CVE-2024-35960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "net/mlx5: Properly link new fs rules into the tree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35960"
},
{
"cve": "CVE-2024-35962",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "netfilter: complete validation of user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35962"
},
{
"cve": "CVE-2024-35965",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: L2CAP: Fix not validating setsockopt user input\r\n\r\nCheck user input length before copying data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35965"
},
{
"cve": "CVE-2024-35966",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: RFCOMM: Fix not validating setsockopt user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35966"
},
{
"cve": "CVE-2024-35967",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: SCO: Fix not validating setsockopt user input",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35967"
},
{
"cve": "CVE-2024-35969",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35969"
},
{
"cve": "CVE-2024-35973",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "geneve: fix header validation in geneve_xmit_skb",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35973"
},
{
"cve": "CVE-2024-35976",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "xsk: validate user input for XDP_UMEM|COMPLETION_FILL_RING",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35976"
},
{
"cve": "CVE-2024-35978",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35978"
},
{
"cve": "CVE-2024-35982",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "batman-adv: Avoid infinite loop trying to resize local TT",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35982"
},
{
"cve": "CVE-2024-35983",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35983"
},
{
"cve": "CVE-2024-35984",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "i2c: smbus: fix NULL function pointer dereference",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35984"
},
{
"cve": "CVE-2024-35988",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "riscv: Fix TASK_SIZE on 64-bit NOMMU. On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G,\r\ncausing spurious failures in the userspace access routines.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35988"
},
{
"cve": "CVE-2024-35990",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "dma: xilinx_dpdma: Fix locking",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35990"
},
{
"cve": "CVE-2024-35996",
"cwe": {
"id": "CWE-655",
"name": "Insufficient Psychological Acceptability"
},
"notes": [
{
"category": "summary",
"text": "cpu: Re-enable CPU mitigations by default for !X86 architectures",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35996"
},
{
"cve": "CVE-2024-35997",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-35997"
},
{
"cve": "CVE-2024-36004",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "i40e: Do not use WQ_MEM_RECLAIM flag for workqueue",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36004"
},
{
"cve": "CVE-2024-36005",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36005"
},
{
"cve": "CVE-2024-36006",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix incorrect list API usage",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36006"
},
{
"cve": "CVE-2024-36007",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmlxsw: spectrum_acl_tcam: Fix warning during rehash\r\n\r\nAs previously explained, the rehash delayed work migrates filters from\r\none region to another. This is done by iterating over all chunks (all\r\nthe filters with the same priority) in the region and in each chunk\r\niterating over all the filters.\r\n\r\nWhen the work runs out of credits it stores the current chunk and entry\r\nas markers in the per-work context so that it would know where to resume\r\nthe migration from the next time the work is scheduled.\r\n\r\nUpon error, the chunk marker is reset to NULL, but without resetting the\r\nentry markers despite being relative to it. This can result in migration\r\nbeing resumed from an entry that does not belong to the chunk being\r\nmigrated. In turn, this will eventually lead to a chunk being iterated\r\nover as if it is an entry. Because of how the two structures happen to\r\nbe defined, this does not lead to KASAN splats, but to warnings such as.\r\n\r\nFix by creating a helper that resets all the markers and call it from\r\nall the places the currently only reset the chunk marker. For good\r\nmeasures also call it when starting a completely new rehash. Add a\r\nwarning to avoid future cases.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36007"
},
{
"cve": "CVE-2024-36008",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: check for NULL idev in ip_route_use_hint()\r\n\r\nsyzbot was able to trigger a NULL deref in fib_validate_source()\r\nin an old tree.\r\n\r\nIt appears the bug exists in latest trees.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36008"
},
{
"cve": "CVE-2024-36020",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni40e: fix vf may be used uninitialized in this function warning\r\n\r\nTo fix the regression introduced by commit 52424f974bc5, which causes\r\nservers hang in very hard to reproduce conditions with resets races.\r\nUsing two sources for the information is the root cause.\r\nIn this function before the fix bumping v didn\u0027t mean bumping vf\r\npointer. But the code used this variables interchangeably, so stale vf\r\ncould point to different/not intended vf.\r\n\r\nRemove redundant \"v\" variable and iterate via single VF pointer across\r\nwhole function instead to guarantee VF pointer validity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36020"
},
{
"cve": "CVE-2024-36270",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36270"
},
{
"cve": "CVE-2024-36286",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36286"
},
{
"cve": "CVE-2024-36288",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token-\u003epages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36288"
},
{
"cve": "CVE-2024-36484",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36484"
},
{
"cve": "CVE-2024-36489",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tls: missing memory barrier in tls_init. In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36489"
},
{
"cve": "CVE-2024-36894",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36894"
},
{
"cve": "CVE-2024-36899",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\r\n\r\nThe use-after-free issue occurs as follows: when the GPIO chip device file\r\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\r\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\r\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\r\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\r\nread rwsem. Consequently, a race condition leads to the use-after-free of\r\nwatched_lines.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36899"
},
{
"cve": "CVE-2024-36902",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Vulnerability in Linux kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36902"
},
{
"cve": "CVE-2024-36904",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36904"
},
{
"cve": "CVE-2024-36905",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36916",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg-\u003edelay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027) CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: \u003cIRQ\u003e dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the \"delay = 0\" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36916"
},
{
"cve": "CVE-2024-36929",
"cwe": {
"id": "CWE-237",
"name": "Improper Handling of Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36939",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 (\"Linux-2.6.12-rc2\"). Recently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs in net namespaces\") converted the procfs to per-netns and made the problem more visible. Even when rpc_proc_register() fails, nfs_net_init() could succeed, and thus nfs_net_exit() will be called while destroying the netns. Then, remove_proc_entry() will be called for non-existing proc directory and trigger the warning below. Let\u0027s handle the error of rpc_proc_register() properly in nfs_net_init(). [0]: name \u0027nfs\u0027 WARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Modules linked in: CPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711 Code: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb RSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c RDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc R13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8 FS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: \u003cTASK\u003e rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310 nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438 ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170 setup_net+0x46c/0x660 net/core/net_namespace.c:372 copy_net_ns+0x244/0x590 net/core/net_namespace.c:505 create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228 ksys_unshare+0x342/0x760 kernel/fork.c:3322 __do_sys_unshare kernel/fork.c:3393 [inline] __se_sys_unshare kernel/fork.c:3391 [inline] __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x7f30d0febe5d Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48 RSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600 RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000 \u003c/TASK\u003e",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36940",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The \"pctldev\" struct is allocated in devm_pinctrl_register_and_init(). It\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36940"
},
{
"cve": "CVE-2024-36959",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36959"
},
{
"cve": "CVE-2024-36974",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev-\u003enum_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36974"
},
{
"cve": "CVE-2024-36978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: sched: sch_multiq: possible OOB write in multiq_tune() q-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic after kmalloc. So the old q-\u003ebands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2024-37356",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-37356"
},
{
"cve": "CVE-2024-38381",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev-\u003erx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38381"
},
{
"cve": "CVE-2024-38547",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "media: atomisp: ssh_css: null-pointer dereference in load_video_binaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38547"
},
{
"cve": "CVE-2024-38552",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index \u0027i\u0027 exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the transfer function points. If \u0027i\u0027 is out of bounds, an error message is logged and the function returns false to indicate an error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38552"
},
{
"cve": "CVE-2024-38558",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38558"
},
{
"cve": "CVE-2024-38559",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38559"
},
{
"cve": "CVE-2024-38560",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38560"
},
{
"cve": "CVE-2024-38565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real hardware.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38565"
},
{
"cve": "CVE-2024-38567",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint, since it can switch types between bulk and interrupt, other endpoints are trusted implicitly. Similar warning is triggered in a couple of other syzbot issues [2].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38567"
},
{
"cve": "CVE-2024-38578",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ecryptfs: Fix buffer size for tag 66 packet The \u0027TAG 66 Packet Format\u0027 description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38578"
},
{
"cve": "CVE-2024-38579",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38579"
},
{
"cve": "CVE-2024-38587",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nspeakup: Fix sizeof() vs ARRAY_SIZE() bug\r\n\r\nThe \"buf\" pointer is an array of u16 values. This code should be\r\nusing ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512),\r\notherwise it can the still got out of bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38587"
},
{
"cve": "CVE-2024-38589",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38589"
},
{
"cve": "CVE-2024-38596",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38596"
},
{
"cve": "CVE-2024-38598",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38598"
},
{
"cve": "CVE-2024-38599",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren\u0027t split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseblock, overwriting the nodes and causing errors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38599"
},
{
"cve": "CVE-2024-38612",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn\u0027t called. This issue exist since commit 46738b1317e1 (\"ipv6: sr: add option to control lwtunnel support\"), and commit 5559cea2d5aa (\"ipv6: sr: fix possible use-after-free and null-ptr-deref\") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38612"
},
{
"cve": "CVE-2024-38615",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "cpufreq: exit() callback is optional The exit() callback is optional and shouldn\u0027t be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn\u0027t present.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38615"
},
{
"cve": "CVE-2024-38619",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb-storage: alauda: Check whether the media is initialized. The member \"uzonesize\" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38619"
},
{
"cve": "CVE-2024-38635",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "soundwire: cadence: invalid PDI offset.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38635"
},
{
"cve": "CVE-2024-38659",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38659"
},
{
"cve": "CVE-2024-38662",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don\u0027t intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38662"
},
{
"cve": "CVE-2024-38780",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-38780"
},
{
"cve": "CVE-2024-39468",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "smb: client: Deadlock in smb2_find_smb_tcon().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39468"
},
{
"cve": "CVE-2024-39482",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "bcache: Variable length array abuse in btree_iter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39482"
},
{
"cve": "CVE-2024-39489",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it\u0027s going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39489"
},
{
"cve": "CVE-2024-39493",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call. Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39493"
},
{
"cve": "CVE-2024-39502",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "ionic: use after netif_napi_del(). When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues\u0027 napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue\u0027 napi. Unused queues\u0027 napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn\u0027t distinguish whether the napi was unregistered or not because netif_napi_del() doesn\u0027t reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39502"
},
{
"cve": "CVE-2024-39503",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39503"
},
{
"cve": "CVE-2024-39509",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "HID: core: remove unnecessary WARN_ON() in implement(). There is a warning in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value \u0026= m; ... WARN_ON may be considered superfluous.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-39509"
},
{
"cve": "CVE-2024-40905",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "ipv6: possible race in __fib6_drop_pcpu_from().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40905"
},
{
"cve": "CVE-2024-40912",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: deadlock in ieee80211_sta_ps_deliver_wakeup().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40912"
},
{
"cve": "CVE-2024-40916",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40916"
},
{
"cve": "CVE-2024-40934",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40934"
},
{
"cve": "CVE-2024-40941",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: iwlwifi: mvm: don\u0027t read past the mfuart notifcation. In case the firmware sends a notification that claims it has more data than it has, it will read past that was allocated for the notification.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40941"
},
{
"cve": "CVE-2024-40942",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40942"
},
{
"cve": "CVE-2024-40945",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "summary",
"text": "iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn\u0027t cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40945"
},
{
"cve": "CVE-2024-40958",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-40959",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40959"
},
{
"cve": "CVE-2024-40960",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40960"
},
{
"cve": "CVE-2024-40961",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40961"
},
{
"cve": "CVE-2024-40971",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40971"
},
{
"cve": "CVE-2024-40978",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "scsi: qedi: crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40978"
},
{
"cve": "CVE-2024-40980",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-40984",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40984"
},
{
"cve": "CVE-2024-40993",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "netfilter: ipset: suspicious rcu_dereference_protected().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40993"
},
{
"cve": "CVE-2024-40995",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/sched: act_api: possible infinite loop in tcf_idr_check_alloc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-40995"
},
{
"cve": "CVE-2024-41000",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41000"
},
{
"cve": "CVE-2024-41004",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41004"
},
{
"cve": "CVE-2024-41005",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "netpoll: race condition in netpoll_owner_active KCSAN detected a race condition in netpoll.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41006",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "summary",
"text": "netrom: a memory leak in nr_heartbeat_expiry().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41006"
},
{
"cve": "CVE-2024-41016",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\r\n\r\nxattr in ocfs2 maybe \u0027non-indexed\u0027, which saved with additional space requested. It\u0027s better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41016"
},
{
"cve": "CVE-2024-42070",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42070"
},
{
"cve": "CVE-2024-42082",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "xdp: unused WARN() in __xdp_reg_mem_model().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42082"
},
{
"cve": "CVE-2024-42090",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "pinctrl: deadlock in create_pinctrl() when handling -EPROBE_DEFER. In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42090"
},
{
"cve": "CVE-2024-42093",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/dpaa2: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42093"
},
{
"cve": "CVE-2024-42094",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net/iucv: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42094"
},
{
"cve": "CVE-2024-42096",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42096"
},
{
"cve": "CVE-2024-42097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "A missed validation vulnerability in the Linux Kernel\u0027s MIDI sequencer and router support functionality could allow a local user to crash the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42097"
},
{
"cve": "CVE-2024-42114",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42114"
},
{
"cve": "CVE-2024-42259",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/i915/gem: Fix Virtual Memory mapping boundaries calculation\r\n\r\nCalculating the size of the mapped area as the lesser value\r\nbetween the requested size and the actual size does not consider\r\nthe partial mapping offset. This can cause page fault access.\r\n\r\nFix the calculation of the starting and ending addresses, the\r\ntotal size is now deduced from the difference between the end and\r\nstart addresses.\r\n\r\nAdditionally, the calculations have been rewritten in a clearer\r\nand more understandable form.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42259"
},
{
"cve": "CVE-2024-42265",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nprotect the fetch of -\u003efd[fd] in do_dup2() from mispredictions\r\n\r\nboth callers have verified that fd is not greater than -\u003emax_fds;\r\nhowever, misprediction might end up with\r\n tofree = fdt-\u003efd[fd];\r\nbeing speculatively executed. That\u0027s wrong for the same reasons\r\nwhy it\u0027s wrong in close_fd()/file_close_fd_locked(); the same\r\nsolution applies - array_index_nospec(fd, fdt-\u003emax_fds) could differ\r\nfrom fd only in case of speculative execution on mispredicted path.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42265"
},
{
"cve": "CVE-2024-42272",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "sched: act_ct: take care of padding in struct zones_ht_key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42272"
},
{
"cve": "CVE-2024-42276",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnvme-pci: add missing condition check for existence of mapped data\r\n\r\nnvme_map_data() is called when request has physical segments, hence\r\nthe nvme_unmap_data() should have same condition to avoid dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42276"
},
{
"cve": "CVE-2024-42281",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbpf: Fix a segment issue when downgrading gso_size\r\n\r\nLinearize the skb when downgrading gso_size because it may trigger a\r\nBUG_ON() later when the skb is segmented as described in [1,2].",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42281"
},
{
"cve": "CVE-2024-42283",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: Initialize all fields in dumped nexthops\n\nstruct nexthop_grp contains two reserved fields that are not initialized by\nnla_put_nh_group(), and carry garbage. This can be observed e.g. with\nstrace (edited for clarity):\n\n # ip nexthop add id 1 dev lo\n # ip nexthop add id 101 group 1\n # strace -e recvmsg ip nexthop get id 101\n ...\n recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},\n [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52\n\nThe fields are reserved and therefore not currently used. But as they are, they\nleak kernel memory, and the fact they are not just zero complicates repurposing\nof the fields for new ends. Initialize the full structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42283"
},
{
"cve": "CVE-2024-42292",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nkobject_uevent: Fix OOB access within zap_modalias_env()\r\n\r\nzap_modalias_env() wrongly calculates size of memory block to move, so\r\nwill cause OOB memory access issue if variable MODALIAS is not the last\r\none within its @env parameter, fixed by correcting size to memmove.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42292"
},
{
"cve": "CVE-2024-42302",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/DPC: Fix use-after-free on concurrent DPC and hot-removal\n\nKeith reports a use-after-free when a DPC event occurs concurrently to\nhot-removal of the same portion of the hierarchy:\n\nThe dpc_handler() awaits readiness of the secondary bus below the\nDownstream Port where the DPC event occurred. To do so, it polls the\nconfig space of the first child device on the secondary bus. If that\nchild device is concurrently removed, accesses to its struct pci_dev\ncause the kernel to oops.\n\nThat\u0027s because pci_bridge_wait_for_secondary_bus() neglects to hold a\nreference on the child device. Before v6.3, the function was only\ncalled on resume from system sleep or on runtime resume. Holding a\nreference wasn\u0027t necessary back then because the pciehp IRQ thread\ncould never run concurrently. (On resume from system sleep, IRQs are\nnot enabled until after the resume_noirq phase. And runtime resume is\nalways awaited before a PCI device is removed.)\n\nHowever starting with v6.3, pci_bridge_wait_for_secondary_bus() is also\ncalled on a DPC event. Commit 53b54ad074de (\"PCI/DPC: Await readiness\nof secondary bus after reset\"), which introduced that, failed to\nappreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a\nreference on the child device because dpc_handler() and pciehp may\nindeed run concurrently. The commit was backported to v5.10+ stable\nkernels, so that\u0027s the oldest one affected.\n\nAdd the missing reference acquisition.\n\nAbridged stack trace:\n\n BUG: unable to handle page fault for address: 00000000091400c0\n CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0\n RIP: pci_bus_read_config_dword+0x17/0x50\n pci_dev_wait()\n pci_bridge_wait_for_secondary_bus()\n dpc_reset_link()\n pcie_do_recovery()\n dpc_handler()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42302"
},
{
"cve": "CVE-2024-42304",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: make sure the first directory block is not a hole",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42304"
},
{
"cve": "CVE-2024-42305",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: check dot and dotdot of dx_root before making dir indexed",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42305"
},
{
"cve": "CVE-2024-42306",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nudf: Avoid using corrupted block bitmap buffer",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42306"
},
{
"cve": "CVE-2024-42312",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsysctl: always initialize i_uid/i_gid\r\n\r\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\r\ncan safely skip setting them.\r\n\r\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\r\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\r\nset_ownership() was not implemented. It also missed adjusting\r\nnet_ctl_set_ownership() to use the same default values in case the\r\ncomputation of a better value failed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-42312"
},
{
"cve": "CVE-2024-43828",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix infinite loop when replaying fast_commit\n\nWhen doing fast_commit replay an infinite loop may occur due to an\nuninitialized extent_status struct. ext4_ext_determine_insert_hole() does\nnot detect the replay and calls ext4_es_find_extent_range(), which will\nreturn immediately without initializing the \u0027es\u0027 variable.\n\nBecause \u0027es\u0027 contains garbage, an integer overflow may happen causing an\ninfinite loop in this function, easily reproducible using fstest generic/039.\n\nThis commit fixes this issue by unconditionally initializing the structure\nin function ext4_es_find_extent_range().\n\nThanks to Zhang Yi, for figuring out the real problem!",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43828"
},
{
"cve": "CVE-2024-43830",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nleds: trigger: Unregister sysfs attributes before calling deactivate()\r\n\r\nTriggers which have trigger specific sysfs attributes typically store\r\nrelated data in trigger-data allocated by the activate() callback and\r\nfreed by the deactivate() callback.\r\n\r\nCalling device_remove_groups() after calling deactivate() leaves a window\r\nwhere the sysfs attributes show/store functions could be called after\r\ndeactivation and then operate on the just freed trigger-data.\r\n\r\nMove the device_remove_groups() call to before deactivate() to close\r\nthis race window.\r\n\r\nThis also makes the deactivation path properly do things in reverse order\r\nof the activation path which calls the activate() callback before calling\r\ndevice_add_groups().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43830"
},
{
"cve": "CVE-2024-43834",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxdp: fix invalid wait context of page_pool_destroy()\r\n\r\nIf the driver uses a page pool, it creates a page pool with\r\npage_pool_create().\r\nThe reference count of page pool is 1 as default.\r\nA page pool will be destroyed only when a reference count reaches 0.\r\npage_pool_destroy() is used to destroy page pool, it decreases a\r\nreference count.\r\nWhen a page pool is destroyed, -\u003edisconnect() is called, which is\r\nmem_allocator_disconnect().\r\nThis function internally acquires mutex_lock().\r\n\r\nIf the driver uses XDP, it registers a memory model with\r\nxdp_rxq_info_reg_mem_model().\r\nThe xdp_rxq_info_reg_mem_model() internally increases a page pool\r\nreference count if a memory model is a page pool.\r\nNow the reference count is 2.\r\n\r\nTo destroy a page pool, the driver should call both page_pool_destroy()\r\nand xdp_unreg_mem_model().\r\nThe xdp_unreg_mem_model() internally calls page_pool_destroy().\r\nOnly page_pool_destroy() decreases a reference count.\r\n\r\nIf a driver calls page_pool_destroy() then xdp_unreg_mem_model(), we\r\nwill face an invalid wait context warning.\r\nBecause xdp_unreg_mem_model() calls page_pool_destroy() with\r\nrcu_read_lock().\r\nThe page_pool_destroy() internally acquires mutex_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43834"
},
{
"cve": "CVE-2024-43856",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma: fix call order in dmam_free_coherent\n\ndmam_free_coherent() frees a DMA allocation, which makes the\nfreed vaddr available for reuse, then calls devres_destroy()\nto remove and free the data structure used to track the DMA\nallocation. Between the two calls, it is possible for a\nconcurrent task to make an allocation with the same vaddr\nand add it to the devres list.\n\nIf this happens, there will be two entries in the devres list\nwith the same vaddr and devres_destroy() can free the wrong\nentry, triggering the WARN_ON() in dmam_match.\n\nFix by destroying the devres entry before freeing the DMA\nallocation.\n\n kokonut //net/encryption\n http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43856"
},
{
"cve": "CVE-2024-43858",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Fix array-index-out-of-bounds in diFree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43858"
},
{
"cve": "CVE-2024-43871",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43871"
},
{
"cve": "CVE-2024-43879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "wifi: cfg80211: Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to warning.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43879"
},
{
"cve": "CVE-2024-43882",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "exec: the execution may gain unintended privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43882"
},
{
"cve": "CVE-2024-43889",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "padata: vulnerability due to a possible divide-by-zero error in padata_mt_helper() during bootup, caused by an uninitialized chunk_size being zero.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43889"
},
{
"cve": "CVE-2024-43890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "tracing: vulnerability due to an overflow in get_free_elt(), which could lead to infinite loops and CPU hangs when the tracing map becomes full.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43890"
},
{
"cve": "CVE-2024-43893",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baud_base.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-43893"
},
{
"cve": "CVE-2024-44935",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: Fix null-ptr-deref in reuseport_add_sock(). A Null Pointer Dereference in reuseport_add_sock() while accessing sk2-\u003esk_reuseport_cb . The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2-\u003esk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44935"
},
{
"cve": "CVE-2024-44944",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44944"
},
{
"cve": "CVE-2024-44948",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/mtrr: Check if fixed MTRRs exist before saving them\r\n\r\nMTRRs have an obsolete fixed variant for fine grained caching control\r\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\r\na separate capability bit in the MTRR capability MSR.\r\n\r\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\r\nwent unnoticed that mtrr_save_state() does not check the capability bit\r\nbefore accessing the fixed MTRR MSRs.\r\n\r\nThough on a CPU that does not support the fixed MTRR capability this\r\nresults in a #GP. The #GP itself is harmless because the RDMSR fault is\r\nhandled gracefully, but results in a WARN_ON().\r\n\r\nAdd the missing capability check to prevent this.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44948"
},
{
"cve": "CVE-2024-44960",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn\u0027t properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44960"
},
{
"cve": "CVE-2024-44987",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44987"
},
{
"cve": "CVE-2024-44989",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44989"
},
{
"cve": "CVE-2024-44990",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-44990"
},
{
"cve": "CVE-2024-45016",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45018",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-45018"
},
{
"cve": "CVE-2024-46679",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46679"
},
{
"cve": "CVE-2024-46743",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46743"
},
{
"cve": "CVE-2024-46744",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46744"
},
{
"cve": "CVE-2024-46745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46745"
},
{
"cve": "CVE-2024-46750",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46750"
},
{
"cve": "CVE-2024-46759",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46759"
},
{
"cve": "CVE-2024-46783",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46783"
},
{
"cve": "CVE-2024-46854",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: dpaa: Pad packets to ETH_ZLEN\r\n\r\nWhen sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running\r\n\r\n\t$ ping -s 11 destination",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46854"
},
{
"cve": "CVE-2024-46865",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfou: fix initialization of grc\r\nThe grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-46865"
},
{
"cve": "CVE-2024-47660",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode-\u003ei_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47660"
},
{
"cve": "CVE-2024-47672",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\r\n\r\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can\u0027t expect anything from the firmware after it\u0027s declared dead.\r\n\r\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47672"
},
{
"cve": "CVE-2024-47684",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: check skb is non-NULL in tcp_rto_delta_us()\r\n\r\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\r\nkernel that are running ceph and recently hit a null ptr dereference in\r\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\r\nsaw it getting hit from the RACK case as well. Here are examples of the oops\r\nmessages we saw in each of those cases:\r\n\r\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\r\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\r\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\r\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\r\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\r\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\r\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\r\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 \u003c48\u003e 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\r\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\r\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\r\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\r\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\r\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\r\nJul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\r\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\r\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\r\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\r\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\r\nJul 26 15:05:02 rx [11061395.919488]\r\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\r\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\r\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\r\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\r\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\r\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\r\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\r\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\r\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\r\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\r\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\r\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\r\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\r\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\r\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\r\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\r\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\r\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\r\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\r\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\r\nJul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30\r\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47684"
},
{
"cve": "CVE-2024-47685",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()\r\n\r\nsyzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th-\u003eres1)\r\n\r\nUse skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put()\r\n\r\nBUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\r\n __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775\r\n process_backlog+0x4ad/0xa50 net/core/dev.c:6108\r\n __napi_poll+0xe7/0x980 net/core/dev.c:6772\r\n napi_poll net/core/dev.c:6841 [inline]\r\n net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963\r\n handle_softirqs+0x1ce/0x800 kernel/softirq.c:554\r\n __do_softirq+0x14/0x1a kernel/softirq.c:588\r\n do_softirq+0x9a/0x100 kernel/softirq.c:455\r\n __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382\r\n local_bh_enable include/linux/bottom_half.h:33 [inline]\r\n rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline]\r\n __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450\r\n dev_queue_xmit include/linux/netdevice.h:3105 [inline]\r\n neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565\r\n neigh_output include/net/neighbour.h:542 [inline]\r\n ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141\r\n __ip6_finish_output net/ipv6/ip6_output.c:215 [inline]\r\n ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226\r\n NF_HOOK_COND include/linux/netfilter.h:303 [inline]\r\n ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247\r\n dst_output include/net/dst.h:450 [inline]\r\n NF_HOOK include/linux/netfilter.h:314 [inline]\r\n ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366\r\n inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135\r\n __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466\r\n tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline]\r\n tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143\r\n tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333\r\n __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679\r\n inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750\r\n __sys_connect_file net/socket.c:2061 [inline]\r\n __sys_connect+0x606/0x690 net/socket.c:2078\r\n __do_sys_connect net/socket.c:2088 [inline]\r\n __se_sys_connect net/socket.c:2085 [inline]\r\n __x64_sys_connect+0x91/0xe0 net/socket.c:2085\r\n x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was stored to memory at:\r\n nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249\r\n nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344\r\n nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48\r\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\r\n nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288\r\n nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161\r\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\r\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\r\n nf_hook include/linux/netfilter.h:269 [inline]\r\n NF_HOOK include/linux/netfilter.h:312 [inline]\r\n ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310\r\n __netif_receive_skb_one_core\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47685"
},
{
"cve": "CVE-2024-47692",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfsd: return -EINVAL when namelen is 0\r\nWhen we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR.\r\nWhen we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered.\r\n\r\n[ T1205] ==================================================================\r\n[ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205\r\n[ T1205]\r\n[ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406\r\n[ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\r\n[ T1205] Call Trace:\r\n[ T1205] dump_stack+0x9a/0xd0\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] __kasan_report.cold+0x34/0x84\r\n[ T1205] ? nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] kasan_report+0x3a/0x50\r\n[ T1205] nfs4_client_to_reclaim+0xe9/0x260\r\n[ T1205] ? nfsd4_release_lockowner+0x410/0x410\r\n[ T1205] cld_pipe_downcall+0x5ca/0x760\r\n[ T1205] ? nfsd4_cld_tracking_exit+0x1d0/0x1d0\r\n[ T1205] ? down_write_killable_nested+0x170/0x170\r\n[ T1205] ? avc_policy_seqno+0x28/0x40\r\n[ T1205] ? selinux_file_permission+0x1b4/0x1e0\r\n[ T1205] rpc_pipe_write+0x84/0xb0\r\n[ T1205] vfs_write+0x143/0x520\r\n[ T1205] ksys_write+0xc9/0x170\r\n[ T1205] ? __ia32_sys_read+0x50/0x50\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xfe/0x110\r\n[ T1205] ? ktime_get_coarse_real_ts64+0xa2/0x110\r\n[ T1205] do_syscall_64+0x33/0x40\r\n[ T1205] entry_SYSCALL_64_after_hwframe+0x67/0xd1\r\n[ T1205] RIP: 0033:0x7fdbdb761bc7\r\n[ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 514\r\n[ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\r\n[ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7\r\n[ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008\r\n[ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001\r\n[ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b\r\n[ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000\r\n[ T1205] ==================================================================",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47692"
},
{
"cve": "CVE-2024-47696",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\r\n\r\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\"), the function flush_workqueue is invoked to flush the work queue iwcm_wq.\r\n\r\nBut at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\r\n\r\nBecause the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn\u0027t have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47696"
},
{
"cve": "CVE-2024-47697",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error\r\n\r\nEnsure index in rtl2830_pid_filter does not exceed 31 to prevent out-of-bounds access.\r\n\r\ndev-\u003efilters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access.\r\nChange the boundary check from index \u003e 32 to index \u003e= 32 to resolve this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47697"
},
{
"cve": "CVE-2024-47699",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential null-ptr-deref in nilfs_btree_insert()\r\n\r\nPatch series \"nilfs2: fix potential issues with empty b-tree nodes\".\r\n\r\nThis series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot.\r\n\r\n\r\nThis patch (of 3):\r\n\r\nIf a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().\r\n\r\nThis is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.\r\n\r\nFix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.\r\n\r\nThanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47699"
},
{
"cve": "CVE-2024-47701",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47701"
},
{
"cve": "CVE-2024-47705",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock: fix potential invalid pointer dereference in blk_add_partition\r\n\r\nThe blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.\r\n\r\nThis commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47705"
},
{
"cve": "CVE-2024-47706",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblock, bfq: fix possible UAF for bfqq-\u003ebic with merge chain\r\n\r\nIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then\r\nget bfqq3 through merge chain, and finially handle IO by bfqq3.\r\nHowerver, current code will think bfqq2 is owned by BIC1, like initial\r\nstate, and set bfqq2-\u003ebic to BIC1.\r\n\r\nAllocated by task 20776:\r\n kasan_save_stack+0x20/0x40 mm/kasan/common.c:45\r\n kasan_set_track+0x25/0x30 mm/kasan/common.c:52\r\n __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328\r\n kasan_slab_alloc include/linux/kasan.h:188 [inline]\r\n slab_post_alloc_hook mm/slab.h:763 [inline]\r\n slab_alloc_node mm/slub.c:3458 [inline]\r\n kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503\r\n ioc_create_icq block/blk-ioc.c:370 [inline]\r\n---truncated---",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47706"
},
{
"cve": "CVE-2024-47707",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "ipv6: A NULL dereference vulnerability may occur in rt6_uncached_list_flush_dev() due to the necessary check being removed by a previous commit.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47707"
},
{
"cve": "CVE-2024-47709",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "can: bcm: A warning is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo-\u003ebcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47709"
},
{
"cve": "CVE-2024-47710",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "sock_map: vulnerability result of adding a cond_resched() in sock_hash_free() to prevent CPU soft lockups when destroying maps with a large number of buckets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47710"
},
{
"cve": "CVE-2024-47713",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop() to avoid warnings and potential issues caused by calling __dev_queue_xmit() with interrupts disabled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47713"
},
{
"cve": "CVE-2024-47718",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "wifi: rtw88: vulnerability may lead to a use-after-free (UAF) error if firmware loading is not properly synchronized during USB initialization and disconnection.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47718"
},
{
"cve": "CVE-2024-47723",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix out-of-bounds in dbNextAG() and diAlloc()\r\n\r\nIn dbNextAG() , there is no check for the case where bmp-\u003edb_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().\r\n\r\nAnd in dbNextAG(), a check for the case where agpref is greater than bmp-\u003edb_numag should be added, so an out-of-bounds exception should be prevented.\r\n\r\nAdditionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47723"
},
{
"cve": "CVE-2024-47735",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "RDMA/hns: missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47735"
},
{
"cve": "CVE-2024-47737",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47737"
},
{
"cve": "CVE-2024-47747",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition. In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to \u0026prev(dev)-\u003etimer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-47747"
},
{
"cve": "CVE-2024-49851",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49851"
},
{
"cve": "CVE-2024-49889",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid use-after-free in ext4_ext_show_leaf()\r\n\r\nIn ext4_find_extent(), path may be freed by error or be reallocated, so\r\nusing a previously saved *ppath may have been freed and thus may trigger\r\nuse-after-free, as follows:\r\n\r\next4_split_extent\r\n path = *ppath;\r\n ext4_split_extent_at(ppath)\r\n path = ext4_find_extent(ppath)\r\n ext4_split_extent_at(ppath)\r\n // ext4_find_extent fails to free path\r\n // but zeroout succeeds\r\n ext4_ext_show_leaf(inode, path)\r\n eh = path[depth].p_hdr\r\n // path use-after-free !!!\r\n\r\nSimilar to ext4_split_extent_at(), we use *ppath directly as an input to\r\next4_ext_show_leaf(). Fix a spelling error by the way.\r\n\r\nSame problem in ext4_ext_handle_unwritten_extents(). Since \u0027path\u0027 is only\r\nused in ext4_ext_show_leaf(), remove \u0027path\u0027 and use *ppath directly.\r\n\r\nThis issue is triggered only when EXT_DEBUG is defined and therefore does\r\nnot affect functionality.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49889"
},
{
"cve": "CVE-2024-49890",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/pm: ensure the fw_info is not null before using it\r\n\r\nThis resolves the dereference null return value warning reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49890"
},
{
"cve": "CVE-2024-49892",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Initialize get_bytes_per_element\u0027s default to 1\r\n\r\nVariables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y \u0026 bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.\r\n\r\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49892"
},
{
"cve": "CVE-2024-49894",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Fix index out of bounds in degamma hardware format translation\r\n\r\nFixes index out of bounds issue in\r\n`cm_helper_translate_curve_to_degamma_hw_format` function. The issue\r\ncould occur when the index \u0027i\u0027 exceeds the number of transfer function\r\npoints (TRANSFER_FUNC_POINTS).\r\n\r\nThe fix adds a check to ensure \u0027i\u0027 is within bounds before accessing the\r\ntransfer function points. If \u0027i\u0027 is out of bounds the function returns\r\nfalse to indicate an error.\r\n\r\nReported by smatch:\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.red\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.green\u0027 1025 \u003c= s32max\r\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow \u0027output_tf-\u003etf_pts.blue\u0027 1025 \u003c= s32max",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49894"
},
{
"cve": "CVE-2024-49900",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uninit-value access of new_ea in ea_buffer\r\n\r\nsyzbot reports that lzo1x_1_do_compress is using uninit-value:\r\n\r\n=====================================================\r\nBUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178\r\n\r\n...\r\n\r\nUninit was stored to memory at:\r\n ea_put fs/jfs/xattr.c:639 [inline]\r\n\r\n...\r\n\r\nLocal variable ea_buf created at:\r\n __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662\r\n __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934\r\n\r\n=====================================================\r\n\r\nThe reason is ea_buf-\u003enew_ea is not initialized properly.\r\n\r\nFix this by using memset to empty its content at the beginning\r\nin ea_get().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49900"
},
{
"cve": "CVE-2024-49902",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "jfs: vulnerability caused by assigning msm_gpu-\u003epdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49902"
},
{
"cve": "CVE-2024-49903",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: Fix uaf in dbFreeBits\r\n\r\n[syzbot reported]\r\n==================================================================\r\nBUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\nBUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\nRead of size 8 at addr ffff8880229254b0 by task syz-executor357/5216\r\n\r\nCPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\r\nCall Trace:\r\n \u003cTASK\u003e\r\n __dump_stack lib/dump_stack.c:93 [inline]\r\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\r\n print_address_description mm/kasan/report.c:377 [inline]\r\n print_report+0x169/0x550 mm/kasan/report.c:488\r\n kasan_report+0x143/0x180 mm/kasan/report.c:601\r\n __mutex_lock_common kernel/locking/mutex.c:587 [inline]\r\n __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752\r\n dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390\r\n dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]\r\n dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409\r\n dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650\r\n jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100\r\n jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131\r\n vfs_ioctl fs/ioctl.c:51 [inline]\r\n __do_sys_ioctl fs/ioctl.c:907 [inline]\r\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n\r\nFreed by task 5218:\r\n kasan_save_stack mm/kasan/common.c:47 [inline]\r\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\r\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\r\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\r\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\r\n kasan_slab_free include/linux/kasan.h:184 [inline]\r\n slab_free_hook mm/slub.c:2252 [inline]\r\n slab_free mm/slub.c:4473 [inline]\r\n kfree+0x149/0x360 mm/slub.c:4594\r\n dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278\r\n jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247\r\n jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454\r\n reconfigure_super+0x445/0x880 fs/super.c:1083\r\n vfs_cmd_reconfigure fs/fsopen.c:263 [inline]\r\n vfs_fsconfig_locked fs/fsopen.c:292 [inline]\r\n __do_sys_fsconfig fs/fsopen.c:473 [inline]\r\n __se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\n[Analysis]\r\nThere are two paths (dbUnmount and jfs_ioc_trim) that generate race condition when accessing bmap, which leads to the occurrence of uaf.\r\n\r\nUse the lock s_umount to synchronize them, in order to avoid uaf caused by race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49903"
},
{
"cve": "CVE-2024-49930",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49930"
},
{
"cve": "CVE-2024-49938",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit\r\n\r\nSyzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call.\r\n\r\nThe syzbot report came from ath9k_hif_usb_reg_in_cb(), but there\u0027s a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we\u0027re at it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49938"
},
{
"cve": "CVE-2024-49944",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start. In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)-\u003ereuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)-\u003ebind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49944"
},
{
"cve": "CVE-2024-49948",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49948"
},
{
"cve": "CVE-2024-49949",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49949"
},
{
"cve": "CVE-2024-49952",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49952"
},
{
"cve": "CVE-2024-49955",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nACPI: battery: Fix possible crash when unregistering a battery hook\r\n\r\nWhen a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered.\r\nHowever the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.\r\n\r\nFix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49955"
},
{
"cve": "CVE-2024-49973",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "r8169: RTL8125 added fields to the tally counter, this change could cause the chip to perform Direct Memory Access on these new fields, potentially writing to unallocated memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49973"
},
{
"cve": "CVE-2024-49977",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net: stmmac: port_transmit_rate_kbps could be set to a value of 0, which is then passed to the \"div_s64\" function when tc-cbs is disabled. This leads to a zero-division error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49977"
},
{
"cve": "CVE-2024-49997",
"cwe": {
"id": "CWE-226",
"name": "Sensitive Information in Resource Not Removed Before Reuse"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-49997"
},
{
"cve": "CVE-2024-50001",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5: Fix error path in multi-packet WQE transmit\r\n\r\nRemove the erroneous unmap in case no DMA mapping was established\r\n\r\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can\u0027t allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq\u0027s FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.\r\n\r\nThe erroneous behavior was seen in a stress-test environment that created memory pressure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50001"
},
{
"cve": "CVE-2024-50006",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50006"
},
{
"cve": "CVE-2024-50008",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "wifi: mwifiex: memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50008"
},
{
"cve": "CVE-2024-50010",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nexec: don\u0027t WARN for racy path_noexec check\r\n\r\nBoth i_mode and noexec checks wrapped in WARN_ON stem from an artifact\r\nof the previous implementation. They used to legitimately check for the\r\ncondition, but that got moved up in two commits:\r\n633fb6ac3980 (\"exec: move S_ISREG() check earlier\")\r\n0fd338b2d2cd (\"exec: move path_noexec() check earlier\")\r\n\r\nInstead of being removed said checks are WARN_ON\u0027ed instead, which has some debug value.\r\n\r\nHowever, the spurious path_noexec check is racy, resulting in unwarranted warnings should someone race with setting the noexec flag.\r\n\r\nOne can note there is more to perm-checking whether execve is allowed and none of the conditions are guaranteed to still hold after they were tested for.\r\n\r\nAdditionally this does not validate whether the code path did any perm checking to begin with -- it will pass if the inode happens to be regular.\r\n\r\nKeep the redundant path_noexec() check even though it\u0027s mindless nonsense checking for guarantee that isn\u0027t given so drop the WARN.\r\n\r\nReword the commentary and do small tidy ups while here.\r\n\r\n[brauner: keep redundant path_noexec() check]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50010"
},
{
"cve": "CVE-2024-50015",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "ext4: dax: Overflowing extents beyond inode size when partially writing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50015"
},
{
"cve": "CVE-2024-50033",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nslip: make slhc_remember() more robust against malicious packets\r\n\r\nsyzbot found that slhc_remember() was missing checks against\r\nmalicious packets [1].\r\n\r\nslhc_remember() only checked the size of the packet was at least 20,\r\nwhich is not good enough.\r\n\r\nWe need to make sure the packet includes the IPv4 and TCP header\r\nthat are supposed to be carried.\r\n\r\nAdd iph and th pointers to make the code more readable.\r\n\r\n[1]\r\n\r\nBUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666\r\n ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455\r\n ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline]\r\n ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212\r\n ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4091 [inline]\r\n slab_alloc_node mm/slub.c:4134 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50033"
},
{
"cve": "CVE-2024-50035",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp: fix ppp_async_encode() illegal access\r\n\r\nsyzbot reported an issue in ppp_async_encode() [1]\r\n\r\nIn this case, pppoe_sendmsg() is called with a zero size.\r\nThen ppp_async_encode() is called with an empty skb.\r\n\r\nBUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]\r\n ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675\r\n ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634\r\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline]\r\n ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304\r\n pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379\r\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113\r\n __release_sock+0x1da/0x330 net/core/sock.c:3072\r\n release_sock+0x6b/0x250 net/core/sock.c:3626\r\n pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nUninit was created at:\r\n slab_post_alloc_hook mm/slub.c:4092 [inline]\r\n slab_alloc_node mm/slub.c:4135 [inline]\r\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187\r\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\r\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\r\n alloc_skb include/linux/skbuff.h:1322 [inline]\r\n sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732\r\n pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867\r\n sock_sendmsg_nosec net/socket.c:729 [inline]\r\n __sock_sendmsg+0x30f/0x380 net/socket.c:744\r\n ____sys_sendmsg+0x903/0xb60 net/socket.c:2602\r\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656\r\n __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742\r\n __do_sys_sendmmsg net/socket.c:2771 [inline]\r\n __se_sys_sendmmsg net/socket.c:2768 [inline]\r\n __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768\r\n x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308\r\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\r\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\r\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\r\n\r\nCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0\r\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50035"
},
{
"cve": "CVE-2024-50039",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/sched: accept TCA_STAB only for root qdisc\r\n\r\nMost qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers.\r\n\r\nUnfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1]\r\n\r\nWe can\u0027t support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50039"
},
{
"cve": "CVE-2024-50040",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50040"
},
{
"cve": "CVE-2024-50044",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change\r\n\r\nrfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50044"
},
{
"cve": "CVE-2024-50045",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50045"
},
{
"cve": "CVE-2024-50046",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nNFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()\r\n\r\nOn the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server.\r\nAccidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50046"
},
{
"cve": "CVE-2024-50058",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: protect uart_port_dtr_rts() in uart_shutdown() too\r\n\r\nCommit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unprotected \"uart_port_dtr_rts(uport, false);\" call. That is invoked only if HUPCL is set, so I assume that is the reason why we do not see lots of these reports.\r\n\r\nOr it cannot be NULL at this point at all for some reason :P.\r\n\r\nUntil the above is investigated, stay on the safe side and move this dereference to the if too.\r\n\r\nI got this inconsistency from Coverity under CID 1585130. Thanks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50058"
},
{
"cve": "CVE-2024-50095",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nRDMA/mad: Improve handling of timed out WRs of mad agent\r\n\r\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.\r\n\r\nThis leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes\r\n\r\n\r\nSimplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50095"
},
{
"cve": "CVE-2024-50121",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "nfsd: problematic nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net. In the normal case, when we excute `echo 0 \u003e /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50121"
},
{
"cve": "CVE-2024-50127",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: sched: fix use-after-free in taprio_change()\r\n\r\nIn \u0027taprio_change()\u0027, \u0027admin\u0027 pointer may become dangling due to sched switch / removal caused by \u0027advance_sched()\u0027, and critical section protected by \u0027q-current_entry_lock\u0027 is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer \u0027rcu_replace_pointer()\u0027 ver \u0027rcu_assign_pointer()\u0027 to update \u0027admin\u0027 immediately before an attempt to schedule freeing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50127"
},
{
"cve": "CVE-2024-50131",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Consider the NULL character when validating the event length\r\n\r\nstrlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL terminating character.\r\n\r\nThis commit checks this condition and returns failure for it.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50131"
},
{
"cve": "CVE-2024-50134",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\r\n\r\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a \"memcpy: detected field-spanning write error\".\r\n\r\nNote as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large.\r\nChanging this is not the goal of this patch, so this behavior is kept.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50134"
},
{
"cve": "CVE-2024-50142",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\r\n\r\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:Validate address prefix lengths in the xfrm selector.\")\r\n\r\nsyzbot created an SA with\r\n usersa.sel.family = AF_UNSPEC\r\n usersa.sel.prefixlen_s = 128\r\n usersa.family = AF_INET\r\n\r\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put limits on prefixlen_{s,d}. But then copy_from_user_state sets x-\u003esel.family to usersa.family (AF_INET). Do the same conversion inverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s howprefixlen is going to be used later on.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50142"
},
{
"cve": "CVE-2024-50148",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: bnep: fix wild-memory-access in proto_unregister\r\n\r\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init() will cleanup all resource. Then when remove bnep module will call bnep_sock_cleanup() to cleanup sock\u0027s resource.\r\nTo solve above issue just return bnep_sock_init()\u0027s return value in bnep_exit().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50148"
},
{
"cve": "CVE-2024-50150",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: typec: altmode should keep reference to parent\r\n\r\nThe altmode device release refers to its parent device, but without keeping\r\na reference to it.\r\n\r\nWhen registering the altmode, get a reference to the parent and put it in\r\nthe release function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50150"
},
{
"cve": "CVE-2024-50151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsmb: client: fix OOBs when building SMB2_IOCTL request\r\n\r\nWhen using encryption, either enforced by the server or when using\r\n\u0027seal\u0027 mount option, the client will squash all compound request buffers\r\ndown for encryption into a single iov in smb2_set_next_command().\r\n\r\nSMB2_ioctl_init() allocates a small buffer (448 bytes) to hold the\r\nSMB2_IOCTL request in the first iov, and if the user passes an input\r\nbuffer that is greater than 328 bytes, smb2_set_next_command() will\r\nend up writing off the end of @rqst-\u003eiov[0].iov_base as shown below:\r\n\r\n mount.cifs //srv/share /mnt -o ...,seal\r\n ln -s $(perl -e \"print(\u0027a\u0027)for 1..1024\") /mnt/link\r\n\r\n BUG: KASAN: slab-out-of-bounds in\r\n smb2_set_next_command.cold+0x1d6/0x24c [cifs]\r\n Write of size 4116 at addr ffff8881148fcab8 by task ln/859",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50151"
},
{
"cve": "CVE-2024-50153",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: target: core: Fix null-ptr-deref in target_alloc_device()\r\n\r\nThere is a null-ptr-deref issue reported by KASAN:\r\n\r\nBUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n...\r\n kasan_report+0xb9/0xf0\r\n target_alloc_device+0xbc4/0xbe0 [target_core_mod]\r\n core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]\r\n target_core_init_configfs+0x205/0x420 [target_core_mod]\r\n do_one_initcall+0xdd/0x4e0\r\n...\r\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\r\n\r\nIn target_alloc_device(), if allocing memory for dev queues fails, then\r\ndev will be freed by dev-\u003etransport-\u003efree_device(), but dev-\u003etransport\r\nis not initialized at that time, which will lead to a null pointer\r\nreference problem.\r\n\r\nFixing this bug by freeing dev with hba-\u003ebackend-\u003eops-\u003efree_device().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50153"
},
{
"cve": "CVE-2024-50188",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "net: phy: dp83869: fix memory corruption when enabling fiber. When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 \u0026lt;\u0026lt; 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50188"
},
{
"cve": "CVE-2024-50205",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()\r\n\r\nThe step variable is initialized to zero. It is changed in the loop,\r\nbut if it\u0027s not changed it will remain zero. Add a variable check\r\nbefore the division.\r\n\r\nThe observed behavior was introduced by commit 826b5de90c0b\r\n(\"ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size\"),\r\nand it is difficult to show that any of the interval parameters will\r\nsatisfy the snd_interval_test() condition with data from the\r\namdtp_rate_table[] table.\r\n\r\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50205"
},
{
"cve": "CVE-2024-50210",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\r\n\r\nIf get_clock_desc() succeeds, it calls fget() for the clockid\u0027s fd,\r\nand get the clk-\u003erwsem read lock, so the error path should release\r\nthe lock to make the lock balance and fput the clockid\u0027s fd to make\r\nthe refcount balance and release the fd related resource.\r\n\r\nHowever the below commit left the error path locked behind resulting in\r\nunbalanced locking. Check timespec64_valid_strict() before\r\nget_clock_desc() to fix it, because the \"ts\" is not changed\r\nafter that.\r\n\r\n[pabeni@redhat.com: fixed commit message typo]",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50210"
},
{
"cve": "CVE-2024-50251",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50251"
},
{
"cve": "CVE-2024-50262",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50262"
},
{
"cve": "CVE-2024-50299",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50299"
},
{
"cve": "CVE-2024-50301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50301"
},
{
"cve": "CVE-2024-50302",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let\u0027s zero-initialize it during allocation to make sure that it can\u0027t be ever used to leak kernel memory via specially-crafted report.",
"title": "Summary"
},
{
"category": "summary",
"text": "The information disclosure is limited to HID driver report data. Successful exploitation requires the installation of malicious code on the device.",
"title": "For SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2024-53042",
"cwe": {
"id": "CWE-662",
"name": "Improper Synchronization"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()\r\n\r\nThere are code paths from which the function is called without holding\r\nthe RCU read lock, resulting in a suspicious RCU usage warning [1].\r\n\r\nFix by using l3mdev_master_upper_ifindex_by_index() which will acquire\r\nthe RCU read lock before calling\r\nl3mdev_master_upper_ifindex_by_index_rcu().\r\n\r\n[1]\r\nWARNING: suspicious RCU usage\r\n6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted\r\n-----------------------------\r\nnet/core/dev.c:876 RCU-list traversed in non-reader section!!\r\n\r\nother info that might help us debug this:\r\n\r\nrcu_scheduler_active = 2, debug_locks = 1\r\n1 lock held by ip/361:\r\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53042"
},
{
"cve": "CVE-2024-53057",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53059",
"cwe": {
"id": "CWE-460",
"name": "Improper Cleanup on Thrown Exception"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()\r\n\r\n1. The size of the response packet is not validated.\r\n2. The response buffer is not freed.\r\n\r\nResolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53059"
},
{
"cve": "CVE-2024-53101",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr-\u003eia_mode, attr-\u003eia_uid and attr-\u003eia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren\u0027t set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53101"
},
{
"cve": "CVE-2024-53124",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "net: fix data-races around sk sk_forward_alloc.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-53124"
},
{
"cve": "CVE-2024-56631",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\nscsi: sg: Fix slab-use-after-free read in sg_release()\r\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\r\n\r\nThe fix has been tested and validated by syzbot. This patch closes the\r\nbug reported at the following syzkaller link and ensures proper\r\nsequencing of resource cleanup and mutex operations, eliminating the\r\nrisk of use-after-free errors in sg_release().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-56631"
},
{
"cve": "CVE-2024-56672",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nblk-cgroup: Fix UAF in blkcg_unpin_online()\r\n\r\nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To\r\nwalk up, it uses blkcg_parent(blkcg) but it was calling that after\r\nblkcg_destroy_blkgs(blkcg) which could free the blkcg",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-56672"
},
{
"cve": "CVE-2024-57901",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "af_packet: vlan_get_protocol_dgram() vs MSG_PEEK Blamed allowing a crash.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57901"
},
{
"cve": "CVE-2024-57902",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\naf_packet: fix vlan_get_tci() vs MSG_PEEK\r\n\r\nBlamed commit forgot MSG_PEEK case, allowing a crash [1] as found\r\nby syzbot.\r\n\r\nRework vlan_get_tci() to not touch skb at all,\r\nso that it can be used from many cpus on the same skb.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57902"
},
{
"cve": "CVE-2024-57913",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57913"
},
{
"cve": "CVE-2024-57929",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm array: fix releasing a faulty array block twice in dm_array_cursor_end\r\n\r\nWhen dm_bm_read_lock() fails due to locking or checksum errors, it\r\nreleases the faulty block implicitly while leaving an invalid output\r\npointer behind. The caller of dm_bm_read_lock() should not operate on\r\nthis invalid dm_block pointer, or it will lead to undefined result.\r\nFor example, the dm_array_cursor incorrectly caches the invalid pointer\r\non reading a faulty array block, causing a double release in\r\ndm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57929"
},
{
"cve": "CVE-2024-57940",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, dentry will not be incremented, causing condition dentry \u003c max_dentries unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57940"
},
{
"cve": "CVE-2024-57948",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmac802154: check local interfaces before deleting sdata list\r\n\r\nsyzkaller reported a corrupted list in ieee802154_if_remove. [1]\r\n\r\nRemove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4\r\nhardware device from the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57951",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhrtimers: Handle CPU state correctly on hotplug\r\n\r\nConsider a scenario where a CPU transitions from CPUHP_ONLINE to halfway\r\nthrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to\r\nCPUHP_ONLINE:\r\n\r\nSince hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set\r\nto 1 throughout. However, during a CPU unplug operation, the tick and the\r\nclockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online\r\nstate, for instance CFS incorrectly assumes that the hrtick is already\r\nactive, and the chance of the clockevent device to transition to oneshot\r\nmode is also lost forever for the CPU, unless it goes back to a lower state\r\nthan CPUHP_HRTIMERS_PREPARE once.\r\n\r\nThis round-trip reveals another issue; cpu_base.online is not set to 1\r\nafter the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().\r\n\r\nAside of that, the bulk of the per CPU state is not reset either, which\r\nmeans there are dangling pointers in the worst case.\r\n\r\nAddress this by adding a corresponding startup() callback, which resets the\r\nstale per CPU state and sets the online flag.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-57951"
},
{
"cve": "CVE-2025-21638",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, but that would\nincrease the size of this fix, while \u0027sctp.ctl_sock\u0027 still needs to be\nretrieved from \u0027net\u0027 structure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: rto_min/max: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.rto_min/max\u0027 is used.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21648",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: conntrack: clamp maximum hashtable size to INT_MAX\r\n\r\nUse INT_MAX as maximum size for the conntrack hashtable. Otherwise, it\r\nis possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when\r\nresizing hashtable because __GFP_NOWARN is unset. See:\r\n\r\n 0708a0afe291 (\"mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls\")\r\n\r\nNote: hashtable resize is only possible from init_netns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21648"
},
{
"cve": "CVE-2025-21653",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21653"
},
{
"cve": "CVE-2025-21664",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "dm thin: make get_first_thin use rcu-safe list first function",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21664"
},
{
"cve": "CVE-2025-21666",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "vsock: prevent null-ptr-deref in vsock_has_data|has_space",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21666"
},
{
"cve": "CVE-2025-21669",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "vsock/virtio: discard packets if the transport changes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21669"
},
{
"cve": "CVE-2025-21678",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "gtp: Destroy device along with udp socket\u0027s netns dismantle",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21678"
},
{
"cve": "CVE-2025-21683",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "summary",
"text": "bpf: Fix bpf_sk_select_reuseport() memory leak",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21683"
},
{
"cve": "CVE-2025-21692",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "summary",
"text": "net: sched: fix ets qdisc OOB Indexing",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21694",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "fs/proc: softlockup in __read_vmcore",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only build and run applications from trusted sources",
"product_ids": [
"1"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-21694"
}
]
}
ghsa-2gpq-mc93-wwwp
Vulnerability from github
Published
2025-01-19 12:31
Modified
2025-04-10 15:31
Severity ?
VLAI Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons:
-
Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns.
-
current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2).
The 'net' structure can be obtained from the table->data using container_of().
Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used.
{
"affected": [],
"aliases": [
"CVE-2025-21640"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T11:15:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the \u0027net\u0027\nstructure via \u0027current\u0027 is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader\u0027s/writer\u0027s netns vs only\n from the opener\u0027s netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an \u0027Oops\u0027\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe \u0027net\u0027 structure can be obtained from the table-\u003edata using\ncontainer_of().\n\nNote that table-\u003edata could also be used directly, as this is the only\nmember needed from the \u0027net\u0027 structure, but that would increase the size\nof this fix, to use \u0027*data\u0027 everywhere \u0027net-\u003esctp.sctp_hmac_alg\u0027 is\nused.",
"id": "GHSA-2gpq-mc93-wwwp",
"modified": "2025-04-10T15:31:40Z",
"published": "2025-01-19T12:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21640"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1031462a944ba0fa83c25ab1111465f8345b5589"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…